a/kernel-firmware-20241122_3ed524d-noarch-1.txz: Upgraded.
a/kernel-generic-6.12.1-x86_64-1.txz: Upgraded.
a/libblockdev-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
a/libbytesize-2.11-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
a/libpwquality-1.4.5-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
a/mkinitrd-1.4.11-x86_64-48.txz: Rebuilt.
remove-orphaned-initrds: fixed output path when removing dangling symlinks.
Thanks to Mechanikx.
a/nut-2.8.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
a/util-linux-2.40.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
a/volume_key-0.3.12-x86_64-9.txz: Rebuilt.
Recompiled against python3-3.12.7.
ap/hplip-3.24.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
ap/linuxdoc-tools-0.9.83-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
ap/rpm-4.20.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
ap/undervolt-0.4.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/Cython-3.0.11-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/cmake-3.31.1-x86_64-1.txz: Upgraded.
d/distcc-3.4-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/gdb-15.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/gyp-20210831_d6c5dd51-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/kernel-headers-6.12.1-x86-1.txz: Upgraded.
d/libtool-2.5.4-x86_64-1.txz: Upgraded.
d/llvm-19.1.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/mercurial-6.9-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/meson-1.6.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/python-pip-24.3.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/python-setuptools-75.6.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/python3-3.12.7-x86_64-1.txz: Upgraded.
Python 3.12 has been aging for more than a year, so it's time to take it.
Shared library .so-version bump.
d/scons-4.8.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
d/slacktrack-2.24-x86_64-1.txz: Upgraded.
When touching the filesystem, use xargs -P $(nproc) for a nice speedup.
k/kernel-source-6.12.1-noarch-1.txz: Upgraded.
kde/cantor-23.08.5-x86_64-13.txz: Rebuilt.
Recompiled against python3-3.12.7.
kde/kapidox-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
kde/kdev-python-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
kde/kig-23.08.5-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.12.7.
kde/kmymoney-5.1.3-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.12.7.
kde/kopeninghours-23.08.5-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.12.7.
kde/krita-5.2.6-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/Mako-1.3.5-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/PyQt-builder-1.16.4-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/PyQt5-5.15.11-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/PyQt5_sip-12.15.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/QScintilla-2.14.1-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/avahi-20240306_709e60f-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/boost-1.86.0-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/brotli-1.1.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/dbus-python-1.3.2-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/gexiv2-0.14.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/gi-docgen-2024.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/glade-3.40.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/gobject-introspection-1.82.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/gtk4-4.16.6-x86_64-1.txz: Upgraded.
l/lensfun-0.3.4-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libcaca-0.99.beta20-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libcap-ng-0.8.5-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libmtp-1.1.22-x86_64-1.txz: Upgraded.
l/libnvme-1.11.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libplist-2.6.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libwebp-1.4.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libxml2-2.13.5-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/libxslt-1.1.42-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/mozilla-nss-3.107-x86_64-1.txz: Upgraded.
l/newt-0.52.24-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/protobuf-28.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/pycairo-1.27.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/pycups-2.0.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/pycurl-7.45.3-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/pygobject3-3.50.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/pyparsing-3.1.2-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-Jinja2-3.1.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-MarkupSafe-3.0.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-PyYAML-6.0.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-alabaster-1.0.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-appdirs-1.4.4-x86_64-8.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-babel-2.16.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-build-1.2.2.post1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-calver-2022.6.26-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-certifi-2024.8.30-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-cffi-1.17.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-chardet-5.2.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-charset-normalizer-3.4.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-distro-1.9.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-dnspython-2.7.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-docutils-0.21.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-doxypypy-0.8.8.7-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-doxyqml-0.5.3-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-editables-0.5-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-flit-core-3.10.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-future-1.0.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-glad2-2.0.8-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-hatch-vcs-0.4.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-hatchling-1.26.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-html5lib-1.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-idna-3.10-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-imagesize-1.4.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-importlib_metadata-8.5.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-installer-0.7.0-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-lxml-5.3.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-markdown-3.7-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-notify2-0.3.1-x86_64-12.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-packaging-24.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pathspec-0.12.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pbr-6.1.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pillow-11.0.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pluggy-1.5.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-ply-3.11-x86_64-10.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-psutil-6.1.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pycparser-2.22-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pygments-2.18.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pyproject-hooks-1.2.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-pysol_cards-0.18.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-random2-1.0.2-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-requests-2.32.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-sane-2.9.1-x86_64-7.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-setuptools_scm-8.1.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-six-1.16.0-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-smartypants-2.0.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-snowballstemmer-2.2.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-sphinx-8.1.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-sphinx_rtd_theme-3.0.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-tomli-w-1.1.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-trove-classifiers-2024.10.21.16-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-typogrify-2.0.7-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-urllib3-2.2.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-webencodings-0.5.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-wheel-0.45.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/python-zipp-3.21.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/sip-6.8.6-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/speech-dispatcher-0.11.5-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/system-config-printer-1.5.18-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/talloc-2.4.2-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/tdb-1.4.12-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
l/tevent-0.16.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/epic5-3.0.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/fetchmail-6.5.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/getmail-6.19.05-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/gpgme-1.24.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/iptraf-ng-1.2.2-x86_64-1.txz: Upgraded.
n/net-snmp-5.9.4-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/nftables-1.1.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/nmap-7.95-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/nss-pam-ldapd-0.9.12-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/obexftp-0.24.2-x86_64-14.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/php-8.3.14-x86_64-1.txz: Upgraded.
This update fixes security issues:
LDAP: Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape).
(CVE-2024-8932)
MySQLnd: Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap
through heap buffer over-read). (CVE-2024-8929)
PDO DBLIB: Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib
quoter causing OOB writes). (CVE-2024-11236)
PDO Firebird: Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the
firebird quoter causing OOB writes). (CVE-2024-11236)
Streams: Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream
context might allow for CRLF injection in URIs). (CVE-2024-11234)
Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
convert.quoted-printable-decode filter). (CVE-2024-11233)
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.14https://www.cve.org/CVERecord?id=CVE-2024-8932https://www.cve.org/CVERecord?id=CVE-2024-8929https://www.cve.org/CVERecord?id=CVE-2024-11236https://www.cve.org/CVERecord?id=CVE-2024-11234https://www.cve.org/CVERecord?id=CVE-2024-11233
(* Security fix *)
n/pssh-2.3.5-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
n/samba-4.21.1-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/ibus-1.5.31-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/ibus-anthy-1.5.16-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/ibus-hangul-1.5.5-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/ibus-libpinyin-1.15.8-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/ibus-table-1.17.8-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/marisa-0.2.6-x86_64-12.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/pyxdg-0.28-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
x/xcb-proto-1.17.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
xap/blueman-2.4.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.12.7.
xap/hexchat-2.16.2-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.12.7.
extra/brltty/brltty-6.7-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.12.7.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20241108_ad74054-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.7-x86_64-1.txz: Upgraded.
Unless disabled in /etc/default/geninitrd, automatically generate an initial
ramdisk upon package installation or upgrade.
a/mkinitrd-1.4.11-x86_64-46.txz: Rebuilt.
geninitrd: also accept /opt/sbin/geninitrd as an override.
Suggested by regdub.
Since the installer sends different args to the setup scripts, we can't use
$1 as the kernel file with setup.01.mkinitrd, so convert it into a variable
in geninitrd instead (if needed).
mkinitrd_command_generator.sh: pvdisplay will complain if there are any file
descriptors besides stdin, stdout, and stderr, which will always be true when
called from a package install script due to file locking. So send stderr from
the two calls to pvdisplay to /dev/null.
d/kernel-headers-6.11.7-x86-1.txz: Upgraded.
k/kernel-source-6.11.7-noarch-1.txz: Upgraded.
l/python-packaging-24.2-x86_64-1.txz: Upgraded.
n/iptables-1.8.11-x86_64-1.txz: Upgraded.
n/lftp-4.9.3-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.34-x86_64-1.txz: Upgraded.
x/xbacklight-1.2.4-x86_64-1.txz: Upgraded.
x/xf86-video-nouveau-1.0.18-x86_64-1.txz: Upgraded.
x/xrandr-1.5.3-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.3-x86_64-1.txz: Upgraded.
extra/xf86-video-fbdev/xf86-video-fbdev-0.5.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20241101_376de1f-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.6-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-42.txz: Rebuilt.
geninitrd: you can still point this at a kernel symlink, but by default it
will make initrd-${KERNEL_VERSION}.img for the newest kernel it finds in
the /boot directory.
a/pkgtools-15.1-noarch-16.txz: Rebuilt.
make-kernel-backup: don't make copies of any of the files, nor include an
initrd in the package. The only added "files" will be two symlinks,
vmlinuz-backup, and initrd-backup.img (if symlinks are enabled).
d/kernel-headers-6.11.6-x86-1.txz: Upgraded.
d/valgrind-3.24.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.11.6-noarch-1.txz: Upgraded.
l/fluidsynth-2.4.0-x86_64-1.txz: Upgraded.
l/gtk4-4.16.4-x86_64-1.txz: Upgraded.
l/libzip-1.11.2-x86_64-1.txz: Upgraded.
Fix performance regression in zip_stat introduced in 1.11.
l/spirv-llvm-translator-19.1.1-x86_64-1.txz: Upgraded.
n/uucp-1.07-x86_64-7.txz: Rebuilt.
Add some documentation. Thanks to jayjwa.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/elilo-3.16-x86_64-18.txz: Rebuilt.
eliloconfig: if we don't find initrd-generic.img, try to fall back on
/boot/initrd.gz. Thanks to rworkman.
a/kernel-firmware-20241022_e1d9577-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.5-x86_64-1.txz: Upgraded.
a/less-668-x86_64-1.txz: Upgraded.
a/openssl11-solibs-1.1.1zb-x86_64-1.txz: Upgraded.
a/sysvinit-3.11-x86_64-1.txz: Upgraded.
a/usbutils-018-x86_64-1.txz: Upgraded.
d/kernel-headers-6.11.5-x86-1.txz: Upgraded.
d/parallel-20241022-noarch-1.txz: Upgraded.
d/swig-4.3.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.11.5-noarch-1.txz: Upgraded.
l/libvisio-0.1.8-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.10.21.16-x86_64-1.txz: Upgraded.
n/openssl11-1.1.1zb-x86_64-1.txz: Upgraded.
Apply patch to fix a security issue:
Harden BN_GF2m_poly2arr against misuse.
This CVE was fixed by the 1.1.1zb release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo. The reported version number has
been updated so that vulnerability scanners calm down.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-9143
(* Security fix *)
xap/gucharmap-16.0.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.3.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.3.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20241017_8dbcf94-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.4-x86_64-1.txz: Upgraded.
ap/usbmuxd-20240916_0b1b233-x86_64-1.txz: Upgraded.
Fix USB tethering to an iPhone. Thanks to skubik and marav.
d/autoconf-archive-2024.10.16-noarch-1.txz: Upgraded.
d/kernel-headers-6.11.4-x86-1.txz: Upgraded.
d/rust-1.82.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.11.4-noarch-1.txz: Upgraded.
l/glib2-2.82.2-x86_64-1.txz: Upgraded.
l/libunistring-1.3-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.10.16-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.6-x86_64-1.txz: Upgraded.
x/xinit-1.4.2-x86_64-2.txz: Rebuilt.
startx: Ensure that xserverauthfile is created and given correct permissions
to avoid a startup error message. Thanks to Didier Spaier.
xap/mozilla-thunderbird-128.3.2esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.3.2esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/hostname-3.24-x86_64-1.txz: Upgraded.
a/kernel-firmware-20241010_c410e4c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.14-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-39.txz: Rebuilt.
Symlink /boot/remove-orphaned-initrds into /usr/sbin to get it in the $PATH.
a/pkgtools-15.1-noarch-14.txz: Rebuilt.
Renamed kernel-backup to make-kernel-backup.
We'll leave it in /boot where it's more likely to be noticed, but also
add a symlink in /usr/sbin so that it's in the $PATH.
Support /etc/default/make-kernel-backup.
Test to see if $KERNEL_FILE is actually a Linux kernel.
d/kernel-headers-6.10.14-x86-1.txz: Upgraded.
k/kernel-source-6.10.14-noarch-1.txz: Upgraded.
l/python-sphinx-8.1.0-x86_64-1.txz: Upgraded.
l/python-sphinx_rtd_theme-3.0.1-x86_64-1.txz: Upgraded.
n/c-ares-1.34.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.3.1esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.3.1esr/releasenotes/
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.3-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.3-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.3-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-12.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz: Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz: Upgraded.
d/llvm-18.1.8-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded.
d/ruby-3.3.5-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz: Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz: Upgraded.
l/cryfs-0.10.3-x86_64-13.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz: Upgraded.
l/librsvg-2.58.5-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded.
l/netpbm-11.08.00-x86_64-1.txz: Upgraded.
l/opencv-4.10.0-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz: Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
n/openobex-1.7.2-x86_64-6.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
x/marisa-0.2.6-x86_64-11.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2024-47https://www.cve.org/CVERecord?id=CVE-2024-9392https://www.cve.org/CVERecord?id=CVE-2024-9393https://www.cve.org/CVERecord?id=CVE-2024-9394https://www.cve.org/CVERecord?id=CVE-2024-8900https://www.cve.org/CVERecord?id=CVE-2024-9396https://www.cve.org/CVERecord?id=CVE-2024-9397https://www.cve.org/CVERecord?id=CVE-2024-9398https://www.cve.org/CVERecord?id=CVE-2024-9399https://www.cve.org/CVERecord?id=CVE-2024-9400https://www.cve.org/CVERecord?id=CVE-2024-9401https://www.cve.org/CVERecord?id=CVE-2024-9402
(* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/btrfs-progs-6.11-x86_64-1.txz: Upgraded.
a/dracut-103-x86_64-1.txz: Added.
This is Red Hat's tool to generate an initramfs (aka initrd). Around here,
we try not to suffer from Not Invented Here Syndrome (some might say the
less we invent, the better ;-). It never hurts to have additional options,
and it even looks like our old friend David Cantrell is on the AUTHORS list.
I've had good luck here with:
dracut --hostonly --force /boot/initrd-6.10.11-generic.img
Thanks to Didier Spaier for convincing me to try it out.
a/gawk-5.3.1-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.11-x86_64-1.txz: Upgraded.
a/upower-1.90.6-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.11-x86-1.txz: Upgraded.
k/kernel-source-6.10.11-noarch-1.txz: Upgraded.
l/libtiff-4.7.0-x86_64-1.txz: Upgraded.
n/curl-8.10.1-x86_64-1.txz: Upgraded.
x/mesa-24.2.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240912_b9daf8c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.10-x86_64-1.txz: Upgraded.
The kernel modules are now bundled into this package.
a/kernel-huge-6.10.9-x86_64-1.txz: Removed.
So long, we won't miss you.
If you were actually using kernel-huge with one of the SCSI/SAS drivers that
were built in, you'll need to use kernel-generic and an initrd that contains
the needed drivers. Otherwise, just switch to kernel-generic. It'll be fine.
If unsure, make an initrd with geninitrd and have your bootloader use it.
a/kernel-modules-6.10.9-x86_64-1.txz: Removed.
Kernel modules are now bundled with the kernel-generic package.
a/libblockdev-3.2.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.10-x86-1.txz: Upgraded.
k/kernel-source-6.10.10-noarch-1.txz: Upgraded.
l/librsvg-2.58.4-x86_64-1.txz: Upgraded.
l/protobuf-28.1-x86_64-1.txz: Upgraded.
l/pygobject3-3.50.0-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.9.12-x86_64-1.txz: Upgraded.
n/nghttp3-1.5.0-x86_64-2.txz: Rebuilt.
Make sure the cmake files are installed to the correct location.
Thanks to fulalas.
x/ibus-table-1.17.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.10.9-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.9-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.9-x86_64-1.txz: Upgraded.
ap/texinfo-7.1.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.9-x86-1.txz: Upgraded.
d/python3-3.11.10-x86_64-1.txz: Upgraded.
This update fixes security issues:
Bundled libexpat was updated to 2.6.3.
Fix quadratic complexity in parsing "-quoted cookie values with backslashes
by http.cookies.
Fixed various false positives and false negatives in IPv4Address.is_private,
IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
path starting with multiple slashes and no authority.
Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
GNU sparse headers.
email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
2-tuples in more situations where invalid email addresses are encountered
instead of potentially inaccurate values. Add optional strict parameter to
these two functions: use strict=False to get the old behavior, accept
malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
be used to check if the strict paramater is available.
Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
breaking contents using legitimate characters.
Email headers with embedded newlines are now quoted on output. The generator
will now refuse to serialize (write) headers that are unsafely folded or
delimited; see verify_generated_headers.
For more information, see:
https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-28757https://www.cve.org/CVERecord?id=CVE-2024-45490https://www.cve.org/CVERecord?id=CVE-2024-45491https://www.cve.org/CVERecord?id=CVE-2024-45492https://www.cve.org/CVERecord?id=CVE-2024-7592https://www.cve.org/CVERecord?id=CVE-2024-4032https://www.cve.org/CVERecord?id=CVE-2015-2104https://www.cve.org/CVERecord?id=CVE-2024-6232https://www.cve.org/CVERecord?id=CVE-2023-27043https://www.cve.org/CVERecord?id=CVE-2024-8088https://www.cve.org/CVERecord?id=CVE-2024-6923
(* Security fix *)
k/kernel-source-6.10.9-noarch-1.txz: Upgraded.
TEE n -> m
+AMDTEE m
+AMD_PMF m
+AMD_PMF_DEBUG n
Thanks to nick8325 for the suggestion.
l/qt5-5.15.15_20240903_363456a6-x86_64-1.txz: Upgraded.
x/noto-emoji-2.042-noarch-1.txz: Added.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_glibc-solibs-2.40-x86_64-5.txz: Rebuilt.
a/kernel-firmware-20240828_335a1de-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.7-x86_64-1.txz: Upgraded.
a/userspace-rcu-0.14.1-x86_64-1.txz: Upgraded.
ap/man-db-2.13.0-x86_64-1.txz: Upgraded.
ap/screen-5.0.0-x86_64-1.txz: Upgraded.
ap/vim-9.1.0702-x86_64-1.txz: Upgraded.
d/cmake-3.30.3-x86_64-1.txz: Upgraded.
d/gcc-14.2.0-x86_64-2.txz: Rebuilt.
Merge in parts of alienBOB's multilib build script, generalize the script
to work with both --enable-multilib and --disable-multilib, and otherwise
clean things up. Go ahead and build it multilib on 64-bit, because why not?
It's worth the bit of bloat to no longer have this package need to be
maintained separately and kept in sync. Thanks to alienBOB.
d/gcc-g++-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gdc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gfortran-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gm2-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gnat-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-go-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-objc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-rust-14.2.0-x86_64-2.txz: Rebuilt.
d/kernel-headers-6.10.7-x86-1.txz: Upgraded.
d/python-setuptools-73.0.1-x86_64-1.txz: Rebuilt.
Reverted due to regression: breaks g-ir-scanner
k/kernel-source-6.10.7-noarch-1.txz: Upgraded.
l/glibc-2.40-x86_64-5.txz: Rebuilt.
Enable multilib on 64-bit. Thanks to alienBOB.
Note that Slackware 64-bit can now run a 32-bit "Hello World!" but there
are no immediate plans to add additional multilib support by default.
Maybe down the road when bare metal 32-bit support goes away.
l/glibc-i18n-2.40-x86_64-5.txz: Rebuilt.
l/glibc-profile-2.40-x86_64-5.txz: Rebuilt.
l/gtk4-4.15.6-x86_64-1.txz: Upgraded.
l/libssh-0.11.1-x86_64-1.txz: Upgraded.
l/protobuf-28.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-certifi-2024.8.30-x86_64-1.txz: Upgraded.
l/qt6-6.7.2_20240610_3f005f1e-x86_64-6.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/ca-certificates-20240830-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/mosh-1.4.0-x86_64-4.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/php-8.3.11-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.11
x/mesa-24.2.1-x86_64-1.txz: Upgraded.
Thanks to lucabon for the rust-bindgen patch.
xap/vim-gvim-9.1.0702-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.5-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.5-x86-1.txz: Upgraded.
d/python-setuptools-72.2.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.10.5-noarch-1.txz: Upgraded.
kde/okteta-0.26.16-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
n/lynx-2.9.2-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.9.5-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.14.0-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-7.0.2.
Thanks to Petri Kaukasoina.
extra/xv/xv-6.0.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Enjoy your shiny new vmlinuz-6.9.11-generic!
Thanks again to LuckyCyborg for teaching me about the path of least resistance.
a/grub-2.12-x86_64-14.txz: Rebuilt.
Don't mention 09_slackware_linux in the /etc/default/grub comments.
a/kernel-generic-6.9.11-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.11-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.11-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-35.txz: Rebuilt.
d/kernel-headers-6.9.11-x86-1.txz: Upgraded.
d/rust-1.80.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.11-noarch-1.txz: Upgraded.
l/xapian-core-1.4.26-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240718_058deb9-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.10-x86_64-1.txz: Upgraded.
d/cmake-3.30.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.9.10-x86-1.txz: Upgraded.
d/python-setuptools-71.0.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.10-noarch-1.txz: Upgraded.
kde/labplot-2.11.1-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.6-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.06-noarch-1.txz: Upgraded.
n/httpd-2.4.62-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
The first CVE is for Windows, but the second one is an additional fix for
the source code disclosure regression when using AddType.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.62https://www.cve.org/CVERecord?id=CVE-2024-40898https://www.cve.org/CVERecord?id=CVE-2024-40725
(* Security fix *)
n/openvpn-2.6.12-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/btrfs-progs-6.9.2-x86_64-1.txz: Upgraded.
a/grub-2.12-x86_64-10.txz: Rebuilt.
Fix initrd path when including microcode.
Hopefully we're about out of corner cases now.
Thanks to kaott, with honorable mention to gwhl.
a/kernel-firmware-20240622_cea56a5-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.7-x86_64-1.txz: Upgraded.
ap/lxc-6.0.1-x86_64-1.txz: Upgraded.
Add a few more packages to the lxc-slackware.in template:
ca-certificates, glibc-zoneinfo, libksba, openssl, perl.
Thanks to Ricardson Williams.
d/kernel-headers-6.9.7-x86-1.txz: Upgraded.
d/python-pip-24.1.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.7-noarch-1.txz: Upgraded.
kde/krita-5.2.3-x86_64-1.txz: Upgraded.
l/harfbuzz-9.0.0-x86_64-1.txz: Upgraded.
l/pipewire-1.2.0-x86_64-1.txz: Upgraded.
n/krb5-1.21.3-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fix vulnerabilities in GSS message token handling.
Fix a potential bad pointer free in krb5_cccol_have_contents().
Fix a memory leak in the macOS ccache type.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-37370https://www.cve.org/CVERecord?id=CVE-2024-37371
(* Security fix *)
x/libinput-1.26.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
d/git-2.45.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002https://www.cve.org/CVERecord?id=CVE-2024-32004https://www.cve.org/CVERecord?id=CVE-2024-32020https://www.cve.org/CVERecord?id=CVE-2024-32021https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
d/strace-6.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
BCACHEFS_FS m -> y
CRYPTO_CHACHA20 m -> y
CRYPTO_LIB_CHACHA_GENERIC m -> y
CRYPTO_LIB_POLY1305_GENERIC m -> y
CRYPTO_POLY1305 m -> y
MITIGATION_GDS_FORCE y -> n
kde/wcslib-8.3-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
n/bind-9.18.27-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/imagemagick-7.1.1_29-x86_64-1.txz: Upgraded.
Revert to the previous ImageMagick because the latest one is destroying SVG
files if "identify" or "display" is used on them.
Thanks to pc2005.
a/etc-15.1-x86_64-10.txz: Rebuilt.
Added nut user (218) and nut group (218).
a/genpower-1.0.5-x86_64-5.txz: Removed.
a/nut-2.8.2-x86_64-1.txz: Added.
This is a package to support uninterruptible power supplies, and replaces
the obsolete genpower package.
Thanks to V'yacheslav Stetskevych for the original SBo script.
a/sysvinit-scripts-15.1-noarch-16.txz: Rebuilt.
rc.M: start the NUT init scripts rc.nut-drvctl, rc.nut-upsd, and
rc.nut-upsmon. Remove the genpower block.
rc.6: support stopping the UPS inverter on the way down if we see
/etc/killpower. Remove the genpower block.
a/tcsh-6.24.12-x86_64-1.txz: Upgraded.
ap/man-db-2.12.1-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-1.txz: Upgraded.
ap/vim-9.1.0265-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.14-x86_64-1.txz: Upgraded.
d/nasm-2.16.02-x86_64-1.txz: Upgraded.
l/libproxy-0.5.5-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.5-x86_64-1.txz: Upgraded.
l/python-typing_extensions-4.11.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.16-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0265-x86_64-1.txz: Upgraded.
extra/bash-completion/bash-completion-2.13.0-noarch-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.13.1-x86_64-5.txz: Rebuilt.
Recompiled against xorg-server-21.1.12 to fix security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-31080https://www.cve.org/CVERecord?id=CVE-2024-31081https://www.cve.org/CVERecord?id=CVE-2024-31082https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
a/hwdata-0.381-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.25-x86_64-1.txz: Upgraded.
d/cmake-3.29.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.25-x86-1.txz: Upgraded.
d/llvm-18.1.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.25-noarch-1.txz: Upgraded.
kde/kstars-3.7.0-x86_64-1.txz: Upgraded.
l/enchant-2.6.9-x86_64-1.txz: Upgraded.
l/libclc-18.1.3-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.03-noarch-1.txz: Upgraded.
n/gnutls-3.8.5-x86_64-1.txz: Upgraded.
n/httpd-2.4.59-x86_64-1.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59https://www.cve.org/CVERecord?id=CVE-2024-27316https://www.cve.org/CVERecord?id=CVE-2024-24795https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
n/nghttp2-1.61.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57qhttps://www.kb.cert.org/vuls/id/421644https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
x/xdg-desktop-portal-1.18.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.24-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.24-x86-1.txz: Upgraded.
d/python3-3.11.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.24-noarch-1.txz: Upgraded.
-AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT n
-GCC11_NO_ARRAY_BOUNDS y
NUMA_BALANCING n -> y
+GCC10_NO_ARRAY_BOUNDS y
+NUMA_BALANCING_DEFAULT_ENABLED y
kde/libindi-2.0.7-x86_64-1.txz: Upgraded.
l/SDL2-2.30.2-x86_64-1.txz: Upgraded.
l/aom-3.8.2-x86_64-1.txz: Added.
Needed to add AV1 encode/decode support to ffmpeg.
Thanks to Andrew Strong.
l/dav1d-1.4.1-x86_64-1.txz: Added.
Needed to add AV1 decode support to ffmpeg.
l/ffmpeg-6.1.1-x86_64-2.txz: Rebuilt.
Patched to build with nv-codec-headers-12.2.72.0. Thanks to J_W.
Compiled against aom-3.8.2 and dav1d-1.4.1 for AV1 support.
Thanks to glennmcc.
l/gtk4-4.14.2-x86_64-1.txz: Upgraded.
n/whois-5.5.22-x86_64-1.txz: Upgraded.
Fixed a segmentation fault with --no-recursion.
Updated the .bm and .vi TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/MPlayer-20240403-x86_64-1.txz: Upgraded.
Compiled using --enable-libaom-lavc and --enable-libdav1d-lavc.
Thanks to glennmcc.
xap/pan-0.157-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/dcron-4.5-x86_64-17.txz: Rebuilt.
run-parts.8: document skiping *.orig files. Thanks to metaed.
a/etc-15.1-x86_64-6.txz: Rebuilt.
Add support for nss-mdns to /etc/nsswitch.conf.
a/kernel-firmware-20240220_97b693d-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.18-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-5.txz: Rebuilt.
Don't specify --with-browseremoteprotocols=cups in order to get the default
values of cups and dnssd, which should enable discovering shared printers on
the network. We'll refrain from sharing your printer -- you'll need to change
that setting yourself. ;-)
Thanks to TurboBlaze.
ap/hplip-3.23.12-x86_64-2.txz: Rebuilt.
The new --disable-imageProcessor-build option doesn't do squat, so we'll hit
it with the good old patch again.
Thanks to Petri Kaukasoina and Stuart Winter.
d/kernel-headers-6.6.18-x86-1.txz: Upgraded.
k/kernel-source-6.6.18-noarch-1.txz: Upgraded.
l/gvfs-1.52.2-x86_64-2.txz: Rebuilt.
Added -Ddnssd=true option and recompiled against avahi.
l/libsecret-0.21.4-x86_64-1.txz: Upgraded.
n/c-ares-1.27.0-x86_64-1.txz: Upgraded.
n/libgpg-error-1.48-x86_64-1.txz: Upgraded.
n/nss-mdns-0.15.1-x86_64-1.txz: Added.
Needed for .local lookups. Thanks to Lockywolf.
xap/pidgin-2.14.13-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240208_fbef4d3-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.16-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.16-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.16-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.16-x86-1.txz: Upgraded.
k/kernel-source-6.6.16-noarch-1.txz: Upgraded.
-VIDEO_ATOMISP m
-VIDEO_ATOMISP_GC0310 n
-VIDEO_ATOMISP_GC2235 n
-VIDEO_ATOMISP_ISP2401 n
-VIDEO_ATOMISP_LM3554 n
-VIDEO_ATOMISP_MSRLIST_HELPER n
-VIDEO_ATOMISP_MT9M114 n
-VIDEO_ATOMISP_OV2722 n
-VIDEO_ATOMISP_OV5693 n
INTEL_ATOMISP y -> n
+INTEL_ATOMISP2_PM m
l/enchant-2.6.7-x86_64-1.txz: Upgraded.
l/libsecret-0.21.3-x86_64-1.txz: Upgraded.
l/libuv-1.48.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.76.0-x86_64-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.