a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
d/git-2.45.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002https://www.cve.org/CVERecord?id=CVE-2024-32004https://www.cve.org/CVERecord?id=CVE-2024-32020https://www.cve.org/CVERecord?id=CVE-2024-32021https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
d/strace-6.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
BCACHEFS_FS m -> y
CRYPTO_CHACHA20 m -> y
CRYPTO_LIB_CHACHA_GENERIC m -> y
CRYPTO_LIB_POLY1305_GENERIC m -> y
CRYPTO_POLY1305 m -> y
MITIGATION_GDS_FORCE y -> n
kde/wcslib-8.3-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
n/bind-9.18.27-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/sysvinit-scripts-2.1-noarch-40.txz: Rebuilt.
Drop old /sbin/rescan-scsi-bus as the most recent version is already present
in the sg3_utils package as /usr/bin/rescan-scsi-bus.sh.
d/meson-0.57.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.62-x86_64-1.txz: Upgraded.
l/sg3_utils-1.45-x86_64-4.txz: Rebuilt.
Make a symlink /sbin/rescan-scsi-bus -> /usr/bin/rescan-scsi-bus.sh in case
anyone depends on the old path / name from the sysvinit-scripts package.
n/ipset-7.11-x86_64-1.txz: Upgraded.
n/krb5-1.19.1-x86_64-1.txz: Upgraded.
n/s-nail-14.9.21-x86_64-4.txz: Rebuilt.
If there's no mail, exit. Thanks to ardya.
testing/packages/linux-5.11/kernel-generic-5.11.0-x86_64-1.txz: Added.
testing/packages/linux-5.11/kernel-headers-5.11.0-x86-1.txz: Added.
testing/packages/linux-5.11/kernel-huge-5.11.0-x86_64-1.txz: Added.
testing/packages/linux-5.11/kernel-modules-5.11.0-x86_64-1.txz: Added.
testing/packages/linux-5.11/kernel-source-5.11.0-noarch-1.txz: Added.
a/bash-4.4.023-x86_64-1.txz: Upgraded.
a/kernel-firmware-20180604_1fa9ce3-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.48-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.48-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.48-x86_64-1.txz: Upgraded.
ap/cups-2.2.8-x86_64-1.txz: Upgraded.
ap/ghostscript-fonts-std-8.11-noarch-3.txz: Rebuilt.
Rebuilt this and many other font packages or packages with build scripts
that call mkfontdir or mkfontscale to suppress any error messages caused
by collisions if another package installation is writing files to the
same font directories when those utilities are run. In that case, the
other package will also be running mkfontdir/mkfontscale after the files
are installed, so any issues will be cleaned up then. Last one out turn
off the lights, so to speak.
ap/sqlite-3.24.0-x86_64-1.txz: Upgraded.
ap/terminus-font-4.40-noarch-3.txz: Rebuilt.
d/kernel-headers-4.14.48-x86-1.txz: Upgraded.
d/rust-1.26.2-x86_64-1.txz: Upgraded.
k/kernel-source-4.14.48-noarch-1.txz: Upgraded.
l/elfutils-0.171-x86_64-1.txz: Upgraded.
l/harfbuzz-1.7.7-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.37.3-x86_64-1.txz: Upgraded.
l/readline-7.0.005-x86_64-1.txz: Upgraded.
x/dejavu-fonts-ttf-2.37-noarch-4.txz: Rebuilt.
x/font-adobe-100dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-adobe-75dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-adobe-utopia-100dpi-1.0.4-noarch-3.txz: Rebuilt.
x/font-adobe-utopia-75dpi-1.0.4-noarch-3.txz: Rebuilt.
x/font-adobe-utopia-type1-1.0.4-noarch-3.txz: Rebuilt.
x/font-arabic-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-bh-100dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-bh-75dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-bh-lucidatypewriter-100dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-bh-lucidatypewriter-75dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-bh-ttf-1.0.3-noarch-3.txz: Rebuilt.
x/font-bh-type1-1.0.3-noarch-3.txz: Rebuilt.
x/font-bitstream-100dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-bitstream-75dpi-1.0.3-noarch-3.txz: Rebuilt.
x/font-bitstream-speedo-1.0.2-noarch-3.txz: Rebuilt.
x/font-bitstream-type1-1.0.3-noarch-3.txz: Rebuilt.
x/font-cronyx-cyrillic-1.0.3-noarch-3.txz: Rebuilt.
x/font-cursor-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-daewoo-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-dec-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-ibm-type1-1.0.3-noarch-3.txz: Rebuilt.
x/font-isas-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-jis-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-micro-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-misc-cyrillic-1.0.3-noarch-3.txz: Rebuilt.
x/font-misc-ethiopic-1.0.3-noarch-3.txz: Rebuilt.
x/font-misc-meltho-1.0.3-noarch-3.txz: Rebuilt.
x/font-misc-misc-1.1.2-noarch-3.txz: Rebuilt.
x/font-mutt-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-schumacher-misc-1.1.2-noarch-3.txz: Rebuilt.
x/font-screen-cyrillic-1.0.4-noarch-3.txz: Rebuilt.
x/font-sony-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-sun-misc-1.0.3-noarch-3.txz: Rebuilt.
x/font-winitzki-cyrillic-1.0.3-noarch-3.txz: Rebuilt.
x/font-xfree86-type1-1.0.4-noarch-3.txz: Rebuilt.
x/liberation-fonts-ttf-2.00.1-noarch-3.txz: Rebuilt.
x/libinput-1.11.0-x86_64-1.txz: Upgraded.
x/sazanami-fonts-ttf-20040629-noarch-3.txz: Rebuilt.
x/sinhala_lklug-font-ttf-20060929-noarch-3.txz: Rebuilt.
x/tibmachuni-font-ttf-1.901b-noarch-3.txz: Rebuilt.
x/ttf-indic-fonts-0.5.14-noarch-3.txz: Rebuilt.
x/ttf-tlwg-0.6.4-noarch-3.txz: Rebuilt.
x/urw-core35-fonts-otf-20170801_91edd6e_git-noarch-2.txz: Rebuilt.
x/wqy-zenhei-font-ttf-0.8.38_1-noarch-6.txz: Rebuilt.
xap/mozilla-firefox-60.0.2-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
xap/x3270-3.3.12ga7-x86_64-5.txz: Rebuilt.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
