We've gone ahead and moved the 6.6 kernel into the main tree. As previously
mentioned when this branch first appeared in /testing, on the 32-bit side
there are no longer any -smp labeled kernel packages, so if you were using
those previously, you'll need to switch to using to kernel-generic or
kernel-huge kernel, including the changes needed to your bootloader setup to
load this instead of the -smp labeled kernel. Also, if you happen to be using
a first generation Pentium M chip, you will need to append forcepae to your
kernel command-line options. Enjoy! :-)
a/kernel-firmware-20231211_f2e52a1-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.6-x86_64-1.txz: Upgraded.
ap/qpdf-11.6.4-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.6-x86-1.txz: Upgraded.
k/kernel-source-6.6.6-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_23-x86_64-1.txz: Upgraded.
l/libsecret-0.21.2-x86_64-1.txz: Upgraded.
Thanks to reddog83 and saxa.
l/zxing-cpp-2.2.1-x86_64-1.txz: Upgraded.
n/postfix-3.8.3-x86_64-2.txz: Rebuilt.
OpenSSL upstream says that major versions are ABI/API compatible, so stop
warning in the logs that they might not be.
Thanks to gildbg and Markus Wiesner.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
We have fresh 6.6 kernels in /testing! You may notice that on the 32-bit side
we have done away with the -smp labeled kernel packages, but it's actually the
other kernels that were retired -- the non-SMP, non-PAE ones. If you were
previously using kernel-generic-smp or kernel-huge-smp, you'll need to make
some adjustments to your bootloader setup to load kernel-generic or kernel-huge
instead. About the only non-obsolete CPUs that may have an issue with this are
the first generation Pentium M chips, which supported PAE but unfortunately did
not advertise this in the CPU flags. But these will support PAE if the kernel
option "forcepae" is appended at boot time. Enjoy! :-)
a/gettext-0.22.4-x86_64-1.txz: Upgraded.
a/kbd-2.6.3-x86_64-3.txz: Rebuilt.
Installed extra console fonts.
a/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.63-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-34.txz: Rebuilt.
Fix tests for including jfs/xfs repair tools. Thanks to regdub.
a/pkgtools-15.1-noarch-8.txz: Rebuilt.
Make vim the default vi choice.
ap/vim-9.0.2116-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.4-x86_64-1.txz: Upgraded.
d/git-2.43.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.63-x86-1.txz: Upgraded.
d/mercurial-6.6-x86_64-1.txz: Upgraded.
d/meson-1.3.0-x86_64-1.txz: Upgraded.
d/scons-4.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.63-noarch-1.txz: Upgraded.
l/readline-8.2.007-x86_64-1.txz: Upgraded.
n/c-ares-1.22.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.4-x86_64-1.txz: Upgraded.
x/libdrm-2.4.118-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.5.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
Thanks to zuriel for the taskbar icon fix on Wayland. :-)
For more information, see:
https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2023-50/https://www.cve.org/CVERecord?id=CVE-2023-6204https://www.cve.org/CVERecord?id=CVE-2023-6205https://www.cve.org/CVERecord?id=CVE-2023-6206https://www.cve.org/CVERecord?id=CVE-2023-6207https://www.cve.org/CVERecord?id=CVE-2023-6208https://www.cve.org/CVERecord?id=CVE-2023-6209https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
xap/vim-gvim-9.0.2116-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.6.2-x86-1.txz: Added.
testing/packages/kernel-huge-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-modules-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-source-6.6.2-noarch-1.txz: Added.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kbd-2.6.3-x86_64-1.txz: Upgraded.
Thanks to Robby Workman.
a/kernel-firmware-20231107_2340796-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.62-x86_64-1.txz: Upgraded.
ap/sudo-1.9.15p1-x86_64-1.txz: Upgraded.
This is a bugfix release:
Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
from being able to read the ldap.conf file.
d/kernel-headers-6.1.62-x86-1.txz: Upgraded.
k/kernel-source-6.1.62-noarch-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.0-x86_64-1.txz: Upgraded.
l/liburing-2.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.4.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
xap/xlockmore-5.74-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/gawk-5.3.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20231030_2b304bf-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.61-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.61-x86_64-1.txz: Upgraded.
-EXT2_FS_POSIX_ACL y
-EXT2_FS_SECURITY y
-EXT2_FS_XATTR y
-EXT3_FS_POSIX_ACL y
-EXT3_FS_SECURITY y
EXT2_FS y -> n
EXT3_FS y -> n
NLS_ISO8859_15 m -> y
SCSI_SMARTPQI m -> y
+EXT4_USE_FOR_EXT2 y
a/kernel-modules-6.1.61-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.61-x86-1.txz: Upgraded.
k/kernel-source-6.1.61-noarch-1.txz: Upgraded.
-EXT2_FS_POSIX_ACL y
-EXT2_FS_SECURITY y
-EXT2_FS_XATTR y
-EXT3_FS_POSIX_ACL y
-EXT3_FS_SECURITY y
EXT2_FS y -> n
EXT3_FS y -> n
NLS_ISO8859_1 m -> y
NLS_ISO8859_15 m -> y
NLS_UTF8 m -> y
SCSI_VIRTIO m -> y
+EXT4_USE_FOR_EXT2 y
kde/calligra-3.2.1-x86_64-35.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/cantor-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/fcitx5-configtool-5.1.2-x86_64-1.txz: Upgraded.
kde/kfilemetadata-5.111.0-x86_64-3.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/kile-2.9.93-x86_64-29.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/kitinerary-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/krita-5.2.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/okular-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
l/pipewire-0.3.84-x86_64-1.txz: Upgraded.
l/poppler-23.11.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/postfix-3.8.3-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.1-x86_64-1.txz: Upgraded.
x/libime-1.1.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20231024_4ee0175-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.60-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.60-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.60-x86_64-1.txz: Upgraded.
a/shadow-4.14.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.60-x86-1.txz: Upgraded.
k/kernel-source-6.1.60-noarch-1.txz: Upgraded.
Hey folks, if you've been following LQ you know I've talked before about
dropping the huge kernel and moving the distribution to use only the generic
kernel plus an initrd. After mulling this over for a few months, I think I
was looking at the problem in the wrong way. First of all, it's clear that
some Slackware users have been using the huge kernel all along, without an
initrd, and are (to say the least) unhappy about the prospect of a new
requirement to start using one. I've been recommending the generic kernel for
some time, and a major reason is that we've been using the same set of kernel
modules with two slightly different kernels. Because of this, there have
always been a few (generally seldom used) kernel modules that won't load into
the huge kernel. These are things that aren't built into the huge kernel, but
because of a difference in some kernel module dependency, they won't load.
The conclusion that I've come to here is that rather than drop the huge
kernel, or slap a LOCALVERSION on it and provide a whole duplicate tree of
kernel modules especially for the huge kernel, it would be better to make the
generic kernel more huge, and minimize the differences between the two kernel
configs.
That's what I've done here.
Shown below are the differences between the previous generic kernel config
and the one shipping in this update. You'll notice that most of the popular
filesystems are built in. At this point the main difference it that the huge
kernel has a couple of dozen SCSI drivers built into it. The modules for those
drivers won't load into the huge kernel, but they're fully built in so that
doesn't matter. If you find any other modules that will not load into the huge
kernel, please make a note about it on LQ and I'll see what can be done.
So, tl;dr - what does this change mean?
Unless your root device is on SCSI, if you were able to use the huge kernel
without an initrd previously, you should now be able to use the generic
kernel without an initrd. The kernel is a bit bigger, but we probably have
enough RAM these days that it won't make a difference.
Enjoy! :-)
-CIFS_SMB_DIRECT n
9P_FS m -> y
9P_FSCACHE n -> y
BTRFS_FS m -> y
CIFS m -> y
CRYPTO_CMAC m -> y
CRYPTO_CRC32 m -> y
CRYPTO_XXHASH m -> y
CRYPTO_ZSTD m -> y
EFIVAR_FS m -> y
EXFAT_FS m -> y
EXT2_FS m -> y
EXT3_FS m -> y
EXT4_FS m -> y
F2FS_FS m -> y
FAILOVER m -> y
FAT_FS m -> y
FSCACHE m -> y
FS_ENCRYPTION_ALGS m -> y
FS_MBCACHE m -> y
HW_RANDOM_VIRTIO m -> y
ISO9660_FS m -> y
JBD2 m -> y
JFS_FS m -> y
LZ4HC_COMPRESS m -> y
LZ4_COMPRESS m -> y
MSDOS_FS m -> y
NETFS_SUPPORT m -> y
NET_9P m -> y
NET_9P_FD m -> y
NET_9P_VIRTIO m -> y
NET_FAILOVER m -> y
NFSD m -> y
NLS_CODEPAGE_437 m -> y
NTFS3_FS m -> y
NTFS_FS m -> y
PSTORE_LZ4_COMPRESS n -> m
PSTORE_LZO_COMPRESS n -> m
PSTORE_ZSTD_COMPRESS n -> y
QFMT_V2 m -> y
QUOTA_TREE m -> y
REISERFS_FS m -> y
RPCSEC_GSS_KRB5 m -> y
SMBFS m -> y
SQUASHFS m -> y
UDF_FS m -> y
VFAT_FS m -> y
VIRTIO_BALLOON m -> y
VIRTIO_BLK m -> y
VIRTIO_CONSOLE m -> y
VIRTIO_INPUT m -> y
VIRTIO_MMIO m -> y
VIRTIO_NET m -> y
VIRTIO_PCI m -> y
VIRTIO_PCI_LIB m -> y
VIRTIO_PCI_LIB_LEGACY m -> y
VIRTIO_PMEM m -> y
XFS_FS m -> y
ZONEFS_FS n -> m
ZSTD_COMPRESS m -> y
+NFS_FSCACHE y
+PSTORE_LZ4_COMPRESS_DEFAULT n
+PSTORE_LZO_COMPRESS_DEFAULT n
+PSTORE_ZSTD_COMPRESS_DEFAULT n
kde/plasma-workspace-5.27.9.1-x86_64-1.txz: Upgraded.
l/glib2-2.78.1-x86_64-1.txz: Upgraded.
l/netpbm-11.04.03-x86_64-1.txz: Upgraded.
l/newt-0.52.24-x86_64-1.txz: Upgraded.
n/gpgme-1.23.0-x86_64-1.txz: Upgraded.
n/p11-kit-0.25.1-x86_64-1.txz: Upgraded.
n/php-8.2.12-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.12
x/xorg-server-21.1.9-x86_64-1.txz: Upgraded.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-5367https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
x/xorg-server-xephyr-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.2.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
xap/mozilla-thunderbird-115.4.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/https://www.cve.org/CVERecord?id=CVE-2023-5721https://www.cve.org/CVERecord?id=CVE-2023-5732https://www.cve.org/CVERecord?id=CVE-2023-5724https://www.cve.org/CVERecord?id=CVE-2023-5725https://www.cve.org/CVERecord?id=CVE-2023-5726https://www.cve.org/CVERecord?id=CVE-2023-5727https://www.cve.org/CVERecord?id=CVE-2023-5728https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
xfce/thunar-4.18.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230906_ad03b85-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.52-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.52-x86-1.txz: Upgraded.
d/lua-5.4.6-x86_64-3.txz: Rebuilt.
Set MYCFLAGS rather than CFLAGS in the build script to keep the other
default CFLAGS in src/Makefile. This automatically sets -DLUA_USE_LINUX
as well as -DLUA_COMPAT_5_3.
d/mercurial-6.5.2-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.52-noarch-1.txz: Upgraded.
kde/alkimia-8.1.2-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-33.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/cantor-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kfilemetadata-5.109.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kile-2.9.93-x86_64-27.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kitinerary-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/krita-5.1.5-x86_64-14.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/ktextaddons-1.5.0-x86_64-1.txz: Upgraded.
kde/okular-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
l/poppler-23.09.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/zstd-1.5.5-x86_64-3.txz: Rebuilt.
Fix library path in zstdTargets-release.cmake.
Thanks to Steven Voges and gian_d.
Use additional build options:
-DZSTD_BUILD_STATIC=OFF -DZSTD_PROGRAMS_LINK_SHARED=ON -DZSTD_LZ4_SUPPORT=ON
-DZSTD_LZMA_SUPPORT=ON -DZSTD_ZLIB_SUPPORT=ON
Thanks to USUARIONUEVO.
n/iproute2-6.5.0-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-5.txz: Rebuilt.
Recompiled against zlib-1.3 to fix lualatex.
Thanks to unInstance and marav.
x/ibus-libpinyin-1.15.4-x86_64-1.txz: Upgraded.
x/mesa-23.1.7-x86_64-1.txz: Upgraded.
xap/gnuplot-5.4.9-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/coreutils-9.3-x86_64-2.txz: Rebuilt.
Don't support AVX2 instructions for wc. Since it's possible to enable a
kernel option that causes the kernel to advertise AVX2 as available, but
leads to an illegal instruction if there's an attempt to actually use
AVX2 when old microcode is in use, this isn't reliable. Furthermore, wc
is used by the pkgtools and this sort of failure could lead to corruption
of the filesystem and/or package database. So, we'll disable this to be on
the safe side. Thanks to lancsuk for noticing this issue.
a/kernel-generic-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.48-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.48-x86-1.txz: Upgraded.
k/kernel-source-6.1.48-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230814_0e048b0-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.46-x86_64-1.txz: Upgraded.
ap/inxi-3.3.29_1-noarch-1.txz: Upgraded.
d/kernel-headers-6.1.46-x86-1.txz: Upgraded.
k/kernel-source-6.1.46-noarch-1.txz: Upgraded.
-ACPI_TINY_POWER_BUTTON n
ACPI_AC m -> y
ACPI_BATTERY m -> y
ACPI_BUTTON m -> y
ACPI_FAN m -> y
ACPI_THERMAL m -> y
kde/kirigami-addons-0.11.0-x86_64-1.txz: Upgraded.
n/bind-9.18.18-x86_64-1.txz: Upgraded.
n/httpd-2.4.57-x86_64-2.txz: Rebuilt.
rc.httpd: wait using pwait after stopping, fix usage to show force-restart.
Thanks to metaed.
n/net-snmp-5.9.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.6-x86_64-1.txz: Upgraded.
n/php-8.2.9-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Security issue with external entity loading in XML without enabling it.
Buffer mismanagement in phar_dir_read().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
(* Security fix *)
x/xorg-server-xwayland-23.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-21.txz: Rebuilt.
Upgraded: libcap.so.2.69, liblzma.so.5.4.4, libboost*.so.1.82.0,
libglib-2.0.so.0.7600.4, libgmodule-2.0.so.0.7600.4, libgmp.so.10.5.0,
libgmpxx.so.4.7.0, libgobject-2.0.so.0.7600.4, libgthread-2.0.so.0.7600.4,
libjpeg.so.62.4.0, libpng16.so.16.40.0, libstdc++.so.6.0.32,
libtdb.so.1.4.9, libturbojpeg.so.0.3.0.
a/kernel-firmware-20230809_789aa81-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.45-x86_64-1.txz: Upgraded.
ap/pamixer-1.5-x86_64-7.txz: Rebuilt.
Recompiled against boost-1.83.0.
d/kernel-headers-6.1.45-x86-1.txz: Upgraded.
k/kernel-source-6.1.45-noarch-1.txz: Upgraded.
kde/kig-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/kopeninghours-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/krita-5.1.5-x86_64-12.txz: Rebuilt.
Recompiled against boost-1.83.0.
l/boost-1.83.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
The shared libraries from the previous version will stick around in
the aaa_libraries package for at least a month.
l/cryfs-0.10.3-x86_64-9.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/fcitx5-chinese-addons-5.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/libime-1.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy's annoucement of the issue:
"The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
a/kernel-generic-6.1.41-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.41-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.41-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.41-x86-1.txz: Upgraded.
k/kernel-source-6.1.41-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.1.40-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.40-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.40-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.40-x86-1.txz: Upgraded.
k/kernel-source-6.1.40-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_14-x86_64-1.txz: Upgraded.
n/whois-5.5.18-x86_64-1.txz: Upgraded.
Updated the .ga TLD server.
Added new recovered IPv4 allocations.
Removed the delegation of 43.0.0.0/8 to JPNIC.
Removed 12 new gTLDs which are no longer active.
Improved the man page source, courtesy of Bjarni Ingi Gislason.
Added the .edu.za SLD server.
Updated the .alt.za SLD server.
Added the -ru and -su NIC handles servers.
x/glu-9.0.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.htmlhttps://www.samba.org/samba/security/CVE-2023-3347.htmlhttps://www.samba.org/samba/security/CVE-2023-34966.htmlhttps://www.samba.org/samba/security/CVE-2023-34967.htmlhttps://www.samba.org/samba/security/CVE-2023-34968.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-2127https://www.cve.org/CVERecord?id=CVE-2023-3347https://www.cve.org/CVERecord?id=CVE-2023-34966https://www.cve.org/CVERecord?id=CVE-2023-34967https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/elilo-3.16-x86_64-16.txz: Rebuilt.
eliloconfig: don't mess with mounting efivarfs. This should be handled by
rc.S, or by whatever the admin put in /etc/fstab.
a/kernel-firmware-20230523_1ba3519-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.30-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-5.txz: Rebuilt.
rc.S: mount efivarfs rw, may be overridden in /etc/default/efivarfs.
ap/sc-im-0.8.3-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.30-x86-1.txz: Upgraded.
d/parallel-20230522-noarch-1.txz: Upgraded.
k/kernel-source-6.1.30-noarch-1.txz: Upgraded.
l/enchant-2.4.0-x86_64-1.txz: Upgraded.
l/glib2-2.76.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.38-x86_64-1.txz: Upgraded.
l/qt5-5.15.9_20230523_245f369c-x86_64-1.txz: Upgraded.
This update fixes a security issue.
Qt-based clients may mismatch HSTS headers (Strict-Transport-Security),
which would prevent the client from switching to a secure HTTPS
connection as requested by a server.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32762
(* Security fix *)
n/curl-8.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
t/texlive-2023.230322-x86_64-3.txz: Rebuilt.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
xap/mozilla-firefox-113.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/
xfce/libxfce4ui-4.18.4-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.1.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.24-x86_64-1.txz: Upgraded.
a/tcsh-6.24.09-x86_64-1.txz: Upgraded.
ap/vim-9.0.1450-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.24-x86-1.txz: Upgraded.
d/mercurial-6.4.1-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.65.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.24-noarch-1.txz: Upgraded.
kde/digikam-8.0.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.76.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.69-x86_64-1.txz: Upgraded.
When enabled, use wireplumber rather than the deprecated media-session.
Thanks to saxa for the help. :-)
n/openvpn-2.6.3-x86_64-1.txz: Upgraded.
n/php-8.2.5-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.5
xap/vim-gvim-9.0.1450-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230406_86da2ac-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.23-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.23-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.23-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.23-x86-1.txz: Upgraded.
d/llvm-16.0.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.23-noarch-1.txz: Upgraded.
l/SDL2-2.26.5-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_6-x86_64-1.txz: Upgraded.
l/isl-0.26-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-16.0.0-x86_64-2.txz: Rebuilt.
Looks like this is working now after some linking adjustments.
Thanks very much to lucabon!
x/mesa-23.0.1-x86_64-3.txz: Rebuilt.
x/xf86-input-wacom-1.2.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/https://www.cve.org/CVERecord?id=CVE-2023-28755https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.htmlhttps://www.samba.org/samba/security/CVE-2023-0922.htmlhttps://www.samba.org/samba/security/CVE-2023-0614.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-0225https://www.cve.org/CVERecord?id=CVE-2023-0922https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/coreutils-9.2-x86_64-2.txz: Rebuilt.
Don't link with OpenSSL's libcrypto, as it creates problems on machines that
don't yet have openssl3 installed when /bin/sort suddenly depends upon
libcrypto.so.3. Worked fine without this previously, so it shouldn't really
make any difference. There's also a configure option to use the kernel's
crypto routines if available, but for now we'll skip this.
Thanks to rahrah.
a/kernel-firmware-20230320_bcdcfbc-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.21-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.21-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.21-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.21-x86-1.txz: Upgraded.
k/kernel-source-6.1.21-noarch-1.txz: Upgraded.
l/adwaita-icon-theme-44.0-noarch-1.txz: Upgraded.
n/gpgme-1.19.0-x86_64-1.txz: Upgraded.
n/links-2.29-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-1.txz: Upgraded.
Thanks to Johannes Schoepfer.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230125_5c11a37-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.9-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.9-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.9-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.9-x86-1.txz: Upgraded.
k/kernel-source-6.1.9-noarch-1.txz: Upgraded.
l/apr-1.7.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer. (CVE-2022-24963)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-24963https://www.cve.org/CVERecord?id=CVE-2021-35940https://www.cve.org/CVERecord?id=CVE-2017-12613
(* Security fix *)
l/apr-util-1.6.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer. (CVE-2022-25147)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-25147
(* Security fix *)
l/libhandy-1.8.1-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-2.1.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.7.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/https://www.cve.org/CVERecord?id=CVE-2023-0430
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230117_7e4f0ed-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.7-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-3.txz: Rebuilt.
installpkg: allow xz to use all the available CPU threads.
makepkg: by default, allow xz to determine how many threads to use. However,
on 32-bit platforms default to 2 threads since we were using this before. If
allowed to decide, xz seems to only want to use a single thread on 32-bit.
ap/nano-7.2-x86_64-1.txz: Upgraded.
ap/sudo-1.9.12p2-x86_64-1.txz: Upgraded.
This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
a malicious user with sudoedit privileges to edit arbitrary files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22809
(* Security fix *)
d/kernel-headers-6.1.7-x86-1.txz: Upgraded.
k/kernel-source-6.1.7-noarch-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.10-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
We're going to go ahead and jump to the 6.1.4 kernel, in spite of the fact
that a kernel bisect identified the patch that was preventing 32-bit from
booting here on a Thinkpad X1E:
------
From 2e479b3b82c49bfb9422274c0a9c155a41caecb7 Mon Sep 17 00:00:00 2001
From: Michael Kelley <mikelley@microsoft.com>
Date: Wed, 16 Nov 2022 10:41:24 -0800
Subject: [PATCH] x86/ioremap: Fix page aligned size calculation in
__ioremap_caller()
commit 4dbd6a3e90e03130973688fd79e19425f720d999 upstream.
Current code re-calculates the size after aligning the starting and
ending physical addresses on a page boundary. But the re-calculation
also embeds the masking of high order bits that exceed the size of
the physical address space (via PHYSICAL_PAGE_MASK). If the masking
removes any high order bits, the size calculation results in a huge
value that is likely to immediately fail.
Fix this by re-calculating the page-aligned size first. Then mask any
high order bits using PHYSICAL_PAGE_MASK.
Fixes: ffa71f33a820 ("x86, ioremap: Fix incorrect physical address handling in
PAE mode")
------
The non-SMP non-PAE 32-bit kernel is fine even without the patch revert.
The PAE kernel also works fine with this patch reverted without any need
to revert ffa71f33a820 (the patch that this one is supposed to fix). The
machine's excessive (for 32-bit) amount of physical RAM (64GB) might also
be a factor here considering the PAE kernel works on all the other machines
around here without reverting this patch.
The patch is reverted only on 32-bit. Upstream report still pending.
Enjoy! :-)
a/kernel-generic-6.1.4-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.4-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.4-x86_64-1.txz: Upgraded.
a/tree-2.1.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.4-x86-1.txz: Upgraded.
k/kernel-source-6.1.4-noarch-1.txz: Upgraded.
l/gvfs-1.50.3-x86_64-1.txz: Upgraded.
l/hunspell-1.7.2-x86_64-1.txz: Upgraded.
l/libnice-0.1.21-x86_64-1.txz: Upgraded.
n/tin-2.6.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-5.19.14-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.14-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.14-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.14-x86-1.txz: Upgraded.
k/kernel-source-5.19.14-noarch-1.txz: Upgraded.
n/dhcp-4.4.3_P1-x86_64-1.txz: Upgraded.
This update fixes two security issues:
Corrected a reference count leak that occurs when the server builds
responses to leasequery packets.
Corrected a memory leak that occurs when unpacking a packet that has an
FQDN option (81) that contains a label with length greater than 63 bytes.
Thanks to VictorV of Cyber Kunlun Lab for reporting these issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20220928_8d19846-noarch-1.txz: Upgraded.
a/kernel-generic-5.19.12-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.12-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.12-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.12-x86-1.txz: Upgraded.
k/kernel-source-5.19.12-noarch-1.txz: Upgraded.
kde/kscreenlocker-5.25.5-x86_64-2.txz: Rebuilt.
Subject: [PATCH] Set QSurfaceFormat::ResetNotification.
This got lost in frameworks porting from shared KDeclarative code and is
important (especially for NVIDIA after suspend+resume).
Thanks to marav for the heads-up.
kde/plasma-workspace-5.25.5-x86_64-3.txz: Rebuilt.
[PATCH] set setInteractiveAuthorizationAllowed on SetPassword call.
It is important that the SetPassword call uses interactive authorization,
otherwise it will be denied unless the user had been modified beforehand
so an authorization was already granted.
Thanks to marav for the heads-up.
n/gnutls-3.7.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
/sbin/probe: Fix duplicated enumeration of mmc storage devices (e.g. SD
cards). Thanks to gsl on LQ for the report.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
/sbin/probe: Fix duplicated enumeration of mmc storage devices (e.g. SD
cards). Thanks to gsl on LQ for the report.
a/kernel-firmware-20220923_bb3f948-noarch-1.txz: Upgraded.
a/kernel-generic-5.19.11-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.11-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.11-x86_64-1.txz: Upgraded.
ap/vim-9.0.0558-x86_64-1.txz: Upgraded.
Fixed use after free.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256
(* Security fix *)
d/kernel-headers-5.19.11-x86-1.txz: Upgraded.
k/kernel-source-5.19.11-noarch-1.txz: Upgraded.
l/nodejs-18.9.1-x86_64-1.txz: Upgraded.
n/getmail-6.18.10-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-105.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/105.0.1/releasenotes/
xap/vim-gvim-9.0.0558-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-10.txz: Rebuilt.
Upgraded: liblzma.so.5.2.6, libpng16.so.16.38.0, libslang.so.2.3.3.
Removed: libboost_*.so.1.79.0.
Use ldconfig to activate the libraries as they might be needed by install
scripts (or to chroot to the install partition from the installer).
Thanks to Stuart Winter.
a/kernel-generic-5.19.9-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.9-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.9-x86_64-1.txz: Upgraded.
ap/qpdf-11.1.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.9-x86-1.txz: Upgraded.
k/kernel-source-5.19.9-noarch-1.txz: Upgraded.
l/libpng-1.6.38-x86_64-1.txz: Upgraded.
l/pipewire-0.3.58-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_glibc-solibs-2.36-x86_64-3.txz: Rebuilt.
a/kernel-generic-5.19.6-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.6-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.6-x86_64-1.txz: Upgraded.
d/git-2.37.3-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.6-x86-1.txz: Upgraded.
d/ninja-1.11.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.19.6-noarch-1.txz: Upgraded.
kde/krename-5.0.2-x86_64-1.txz: Upgraded.
l/glibc-2.36-x86_64-3.txz: Rebuilt.
Applied all post-release patches from the 2.36 branch.
This fixes a security issue introduced in glibc-2.36: When the syslog
function is passed a crafted input string larger than 1024 bytes, it
reads uninitialized memory from the heap and prints it to the target log
file, potentially revealing a portion of the contents of the heap.
Thanks to marav.
The patches also help with several packages failing to build from source.
Thanks to nobodino.
l/glibc-i18n-2.36-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.36-x86_64-3.txz: Rebuilt.
l/libssh-0.10.1-x86_64-1.txz: Upgraded.
n/curl-7.85.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
control code in cookie denial of service.
For more information, see:
https://curl.se/docs/CVE-2022-35252.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
(* Security fix *)
x/fcitx5-gtk-5.0.18-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.0.15-x86_64-1.txz: Upgraded.
x/ico-1.0.6-x86_64-1.txz: Upgraded.
x/libdrm-2.4.113-x86_64-1.txz: Upgraded.
x/libfontenc-1.1.6-x86_64-1.txz: Upgraded.
x/oclock-1.0.5-x86_64-1.txz: Upgraded.
x/showfont-1.0.6-x86_64-1.txz: Upgraded.
x/xmh-1.0.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-5.19.3-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.3-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.3-x86_64-1.txz: Upgraded.
d/gcc-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-g++-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-gdc-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-gfortran-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-gnat-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-go-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-objc-12.2.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.3-x86-1.txz: Upgraded.
d/libtool-2.4.7-x86_64-3.txz: Rebuilt.
Recompiled to update embedded GCC version number.
d/python-setuptools-65.1.1-x86_64-1.txz: Upgraded.
Make libdir = platlib to agree with the paths in python3.
k/kernel-source-5.19.3-noarch-1.txz: Upgraded.
xfce/xfce4-panel-4.16.5-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.16.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
/etc/rc.d/rc.S: Added support for setting the Installer's root password
from a kernel cmdline key value pair: instrootpw=yourpassword
This is intended for network installations where otherwise the root password
would be unset. Note: this does not configure the OS root password.
Thanks to Stuart Winter.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
/etc/rc.d/rc.S: Added support for setting the Installer's root password
from a kernel cmdline key value pair: instrootpw=yourpassword
This is intended for network installations where otherwise the root password
would be unset. Note: this does not configure the OS root password.
Thanks to Stuart Winter.
a/aaa_glibc-solibs-2.36-x86_64-2.txz: Rebuilt.
a/kernel-generic-5.19.2-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.2-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.2-x86_64-1.txz: Upgraded.
ap/vim-9.0.0223-x86_64-1.txz: Upgraded.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
d/kernel-headers-5.19.2-x86-1.txz: Upgraded.
k/kernel-source-5.19.2-noarch-1.txz: Upgraded.
l/glibc-2.36-x86_64-2.txz: Rebuilt.
Rebuilt with a patch from Arch to reenable DT_HASH in shared objects since
the change broke Steam games that use EPIC's EAC. I'm not exactly 100% on
board with this approach, but since DT_GNU_HASH remains and is still used,
I guess I'll go along with it for now. Hopefully EAC will be patched and we
can back this out.
Thanks to Swaggajackin for the notice and for providing links to the glibc
bug discussion as well as the patch.
If anything else needs a rebuild after this, let me know in the LQ thread.
l/glibc-i18n-2.36-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.36-x86_64-2.txz: Rebuilt.
xap/vim-gvim-9.0.0223-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/cryptsetup-2.5.0-x86_64-2.txz: Rebuilt.
Use file descriptor 3 in rc.luks's main loop so that sdtin works properly for
cryptsetup and/or a keyscript. PiterPunk gave it to me like this and then I
proceeded to break it. Sorry about that.
a/kernel-generic-5.18.14-x86_64-1.txz: Upgraded.
a/kernel-huge-5.18.14-x86_64-1.txz: Upgraded.
a/kernel-modules-5.18.14-x86_64-1.txz: Upgraded.
d/kernel-headers-5.18.14-x86-1.txz: Upgraded.
d/parallel-20220722-noarch-1.txz: Upgraded.
k/kernel-source-5.18.14-noarch-1.txz: Upgraded.
+CC_HAS_RETURN_THUNK y
+CPU_IBPB_ENTRY y
+CPU_IBRS_ENTRY y
+CPU_UNRET_ENTRY y
+RETHUNK y
+SPECULATION_MITIGATIONS y
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.