d/meson-0.59.3-x86_64-1.txz: Upgraded.
Reverted to a version that works better for us. Thanks to nobodino.
l/imagemagick-7.1.0_13-x86_64-1.txz: Upgraded.
l/pcre2-10.39-x86_64-1.txz: Upgraded.
l/sip-4.19.25-x86_64-4.txz: Rebuilt.
Fixed missing sip.h.
n/getmail-6.18.5-x86_64-1.txz: Upgraded.
a/kernel-generic-5.14.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.14.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.14.15-x86_64-1.txz: Upgraded.
d/cmake-3.21.4-x86_64-1.txz: Upgraded.
d/kernel-headers-5.14.15-x86-1.txz: Upgraded.
k/kernel-source-5.14.15-noarch-1.txz: Upgraded.
We're going to go ahead and take both of those changes that were considered
in /testing. GazL almost had me talked out of the autogroup change, but it's
easy to disable if traditional "nice" behavior is important to someone.
-DRM_I810 n
-INLINE_READ_UNLOCK y
-INLINE_READ_UNLOCK_IRQ y
-INLINE_SPIN_UNLOCK_IRQ y
-INLINE_WRITE_UNLOCK y
-INLINE_WRITE_UNLOCK_IRQ y
PREEMPT n -> y
PREEMPT_VOLUNTARY y -> n
SCHED_AUTOGROUP n -> y
+CEC_GPIO n
+DEBUG_PREEMPT y
+PREEMPTION y
+PREEMPT_COUNT y
+PREEMPT_DYNAMIC y
+PREEMPT_RCU y
+PREEMPT_TRACER n
+RCU_BOOST n
+TASKS_RCU y
+UNINLINE_SPIN_UNLOCK y
kde/plasma-desktop-5.23.2.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_12-x86_64-1.txz: Upgraded.
l/librsvg-2.52.3-x86_64-1.txz: Upgraded.
n/bind-9.16.22-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issue:
The "lame-ttl" option is now forcibly set to 0. This effectively disables
the lame server cache, as it could previously be abused by an attacker to
significantly degrade resolver performance.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219
(* Security fix *)
n/c-ares-1.18.1-x86_64-1.txz: Upgraded.
n/samba-4.15.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/slackpkg-15.0.8-noarch-1.txz: Upgraded.
Author: piterpunk <piterpunk@slackware.com>
To make it easier to do an unattended slackpkg update/upgrade process,
this commit provides different exit codes for many situations:
0 Successful slackpkg execution.
1 Something wrong happened.
20 No package found to be downloaded, installed, reinstalled,
upgraded, or removed.
50 Slackpkg itself was upgraded and you need to re-run it.
100 There are pending updates.
Code and the main manpage are updated accordingly.
In addition, this commit also:
- removes the ChangeLog.txt in doinst.sh, so the needed
'slackpkg update' after Slackpkg upgrade won't say it's all OK
and doesn't need to redo the package lists
- removes AUTHORS from manpage. Nowadays there is code from many
people in Slackpkg and it seems a bit unfair to have only my and
Evaldo's name listed there.
Signed-off-by: Robby Workman <rworkman@slackware.com>
d/meson-0.60.0-x86_64-1.txz: Upgraded.
l/ffmpeg-4.4.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_11-x86_64-1.txz: Upgraded.
l/libcap-2.60-x86_64-1.txz: Upgraded.
l/libsoup-2.74.1-x86_64-1.txz: Upgraded.
l/sip-4.19.25-x86_64-3.txz: Rebuilt.
Drop the Qt4 modules. Thanks to gmgf.
n/dhcpcd-9.4.1-x86_64-1.txz: Upgraded.
testing/packages/linux-5.14.x/kernel-generic-5.14.14-x86_64-3.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-headers-5.14.14-x86-3.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-huge-5.14.14-x86_64-3.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-modules-5.14.14-x86_64-3.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-source-5.14.14-noarch-3.txz: Rebuilt.
Let's enable SCHED_AUTOGROUP, which should improve desktop latency under a
heavy CPU load while being mostly inert on servers. It may be disabled at
boot time with a "noautogroup" kernel parameter, or at runtime like this:
echo 0 > /proc/sys/kernel/sched_autogroup_enabled
Thanks to gbschenkel.
SCHED_AUTOGROUP n -> y
a/aaa_terminfo-6.3-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2021e-noarch-1.txz: Upgraded.
ap/itstool-2.0.7-x86_64-2.txz: Rebuilt.
Rebuilt with PYTHON=/usr/bin/python3. Thanks to USUARIONUEVO.
ap/mpg123-1.29.2-x86_64-1.txz: Upgraded.
d/meson-0.59.3-x86_64-1.txz: Upgraded.
d/parallel-20211022-noarch-1.txz: Upgraded.
d/python-pip-21.3.1-x86_64-1.txz: Upgraded.
d/python-setuptools-58.3.0-x86_64-1.txz: Upgraded.
l/exiv2-0.27.5-x86_64-1.txz: Upgraded.
l/ncurses-6.3-x86_64-1.txz: Upgraded.
n/php-7.4.25-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
FPM: PHP-FPM oob R/W in root process leading to privilege escalation.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
(* Security fix *)
xap/mozilla-thunderbird-91.2.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.2.1/releasenotes/
testing/packages/linux-5.14.x/kernel-generic-5.14.14-x86_64-2.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-headers-5.14.14-x86-2.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-huge-5.14.14-x86_64-2.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-modules-5.14.14-x86_64-2.txz: Rebuilt.
testing/packages/linux-5.14.x/kernel-source-5.14.14-noarch-2.txz: Rebuilt.
These kernels enable CONFIG_PREEMPT=y and CONFIG_PREEMPT_DYNAMIC=y allowing
the kernel preemption model to be specified on the kernel command line
with one of these options: preempt=none, preempt=voluntary, and preempt=full.
Since there is no .config option to set a default, and the default in the
kernel sources is "full" (which is probably not a good default), the
kernel-source.SlackBuild has been modified to add support for an environment
variable CONFIG_PREEMPT_DEFAULT_MODE which can be set to none, voluntary, or
full to set the default kernel preemption model when a command line option
is not provided. These kernels have been built with a preemption model of
"none" (presumably the safest choice which will behave like the kernels we
have shipped before.) The runtime overhead on 64-bit should be negligible.
On 32-bit we lack support for HAVE_STATIC_CALL_INLINE, so spinlocks and
mutexes will have to be approached through a trampoline, adding a very small
amount of overhead. I feel this is probably worth it in order to have the
option to run a kernel with voluntary or full preemption, especially for
gaming or desktop purposes. The reduction in input lag with these modes is
actually quite noticable.
To check the current preemption model, you may use debugfs:
mount -t debugfs none /sys/kernel/debug
cat /sys/kernel/debug/sched/preempt
(none) voluntary full
You may change to a different preemption model on the fly once debugfs is
mounted:
echo voluntary > /sys/kernel/debug/sched/preempt
cat /sys/kernel/debug/sched/preempt
none (voluntary) full
Thanks to Daedra.
-DRM_I810 n
-INLINE_READ_UNLOCK y
-INLINE_READ_UNLOCK_IRQ y
-INLINE_SPIN_UNLOCK_IRQ y
-INLINE_WRITE_UNLOCK y
-INLINE_WRITE_UNLOCK_IRQ y
PREEMPT n -> y
PREEMPT_VOLUNTARY y -> n
+CEC_GPIO n
+DEBUG_PREEMPT y
+PREEMPTION y
+PREEMPT_COUNT y
+PREEMPT_DYNAMIC y
+PREEMPT_RCU y
+PREEMPT_TRACER n
+RCU_BOOST n
+TASKS_RCU y
+UNINLINE_SPIN_UNLOCK y
a/lvm2-2.03.13-x86_64-1.txz: Upgraded.
Reverted to working version.
d/rust-1.56.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.39-x86_64-1.txz: Upgraded.
n/krb5-1.19.2-x86_64-2.txz: Rebuilt.
[PATCH] Fix KDC null deref on TGS inner body null server.
This fixes an issue where an authenticated attacker can cause a denial of
service in the KDC by sending a FAST TGS request with no server field.
Thanks to nobodino.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
(* Security fix *)
x/ibus-m17n-1.4.8-x86_64-1.txz: Upgraded.
x/libinput-1.19.2-x86_64-1.txz: Upgraded.
xap/freerdp-2.4.1-x86_64-1.txz: Upgraded.
This update fixes two security issues:
Improper client input validation for gateway connections allows to overwrite
memory.
Improper region checks in all clients allow out of bound write to memory.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41159https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41160
(* Security fix *)
xap/gftp-2.7.1b-x86_64-1.txz: Upgraded.
extra/php8/php8-8.0.12-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
FPM: PHP-FPM oob R/W in root process leading to privilege escalation.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
(* Security fix *)
ap/htop-3.1.1-x86_64-1.txz: Upgraded.
d/automake-1.16.2-noarch-4.txz: Rebuilt.
The GNU toolchain is making it increasingly impossible to use our usual
"${ARCH}-slackware-linux" host, erroring out with a host mismatch on at
least GTK+2. So, we'll drop back to this version of automake for now,
with a fix applied for detecting Python 3.10. More than likely we'll be
changing the host to "${ARCH}-slackware-linux-gnu" to satisfy upstream,
but that will have to wait for the next devel cycle.
d/llvm-13.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/rust-1.55.0-x86_64-2.txz: Rebuilt.
Recompiled against llvm-13.0.0.
kde/kdevelop-5.6.2-x86_64-6.txz: Rebuilt.
Recompiled against llvm-13.0.0.
kde/plasma-workspace-5.23.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
[PATCH] sddm-theme: fix missing password field on "Other" page.
Thanks to USUARIONUEVO and LuckyCyborg.
l/libclc-13.0.0-x86_64-1.txz: Upgraded.
Recompiled against llvm-13.0.0.
l/python-pillow-8.4.0-x86_64-1.txz: Upgraded.
l/qt5-5.15.3_20211013_5c7c3af5-x86_64-1.txz: Upgraded.
Upgraded to latest git (might as well) and compiled against llvm-13.0.0.
l/spirv-llvm-translator-20210920_098034ea-x86_64-1.txz: Upgraded.
Recompiled against llvm-13.0.0.
x/mesa-21.2.4-x86_64-1.txz: Upgraded.
Compiled against llvm-13.0.0.
xap/pidgin-2.14.8-x86_64-1.txz: Upgraded.
a/kernel-firmware-20211012_b563148-noarch-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-26.txz: Rebuilt.
Don't include 40-usb_modeswitch.rules on the initrd. Thanks to LuckyCyborg.
d/scons-4.2.0-x86_64-1.txz: Upgraded.
l/python-charset-normalizer-2.0.7-x86_64-1.txz: Upgraded.
xfce/mousepad-0.5.7-x86_64-2.txz: Rebuilt.
Added plugins directory. Thanks to Roman Dyaba.
d/python-pip-21.3-x86_64-1.txz: Upgraded.
l/aspell-en-2020.12.07_0-x86_64-1.txz: Upgraded.
l/boost-1.77.0-x86_64-2.txz: Rebuilt.
Recompiled against python-3.10. Thanks to nobodino and ctrlaltca.
l/qt5-5.15.3_20211006_0243418f-x86_64-1.txz: Upgraded.
Updated from the repo to get a few Wayland related fixes.
n/gnutls-3.7.2-x86_64-1.txz: Upgraded.
n/httpd-2.4.51-x86_64-1.txz: Upgraded.
SECURITY: CVE-2021-42013: Path Traversal and Remote Code
Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
fix of CVE-2021-41773) (cve.mitre.org)
It was found that the fix for CVE-2021-41773 in Apache HTTP
Server 2.4.50 was insufficient. An attacker could use a path
traversal attack to map URLs to files outside the directories
configured by Alias-like directives.
If files outside of these directories are not protected by the
usual default configuration "require all denied", these requests
can succeed. If CGI scripts are also enabled for these aliased
pathes, this could allow for remote code execution.
This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
earlier versions.
Credits: Reported by Juan Escobar from Dreamlab Technologies,
Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
(* Security fix *)
a/util-linux-2.37.2-x86_64-3.txz: Rebuilt.
Removed broken /usr/bin/raw symlink. Thanks to marav.
d/gdb-11.1-x86_64-2.txz: Rebuilt.
Don't ship .la files.
d/vala-0.54.2-x86_64-1.txz: Upgraded.
kde/artikulate-21.08.1-x86_64-3.txz: Rebuilt.
Fixed broken COPYING{,.DOC} symlinks. Thanks to marav.
kde/kservice-5.86.0-x86_64-4.txz: Rebuilt.
In /etc/profile.d/kde.{csh,sh}:
Fixed test for kf5 directory. Thanks to LuckyCyborg.
Make adding /etc/kde/xdg to $XDG_CONFIG_DIRS conditional on the existence
of that directory.
l/imagemagick-7.1.0_9-x86_64-1.txz: Upgraded.
n/bind-9.16.21-x86_64-4.txz: Rebuilt.
Removed broken symlink. Thanks to marav.
n/httpd-2.4.50-x86_64-1.txz: Upgraded.
x/cldr-emoji-annotation-37.0_13.0_0_2-noarch-4.txz: Rebuilt.
Fixed broken COPYING symlink. Thanks to marav.
xap/x3270-4.0ga14-x86_64-2.txz: Rebuilt.
Fixed symlinks in html directory. Thanks to marav.
d/python-setuptools-58.2.0-x86_64-1.txz: Upgraded.
kde/kservice-5.86.0-x86_64-3.txz: Rebuilt.
Fix paths in kde.{csh,sh}. Thanks to marco70.
Since kdesu and kxmlgui are looking in /usr/lib${LIBDIRSUFFIX}/kf5 for
some reason, let's just link that location to libexec/kf5 to make things
work again. Also, I'm not sure why these things are in this particular
package, but I guess they had to go somewhere.
l/python-cffi-1.14.6-x86_64-1.txz: Added.
This is needed by hexchat-2.16.0.
l/python-pycparser-2.20-x86_64-1.txz: Added.
This is needed by hexchat-2.16.0.
l/vte-0.66.0-x86_64-1.txz: Upgraded.
xap/hexchat-2.16.0-x86_64-1.txz: Upgraded.
extra/brltty/brltty-6.4-x86_64-1.txz: Upgraded.
x/liberation-fonts-ttf-2.1.5-noarch-1.txz: Upgraded.
x/libva-utils-2.13.0-x86_64-1.txz: Upgraded.
x/noto-fonts-ttf-20171024-noarch-4.txz: Rebuilt.
Package NotoSansCoptic-Regular.ttf and a few other unhinted fonts.
Thanks to Roman Dyaba.
xfce/Greybird-3.22.15-noarch-1.txz: Upgraded.
a/kernel-firmware-20210928_7a30050-noarch-1.txz: Upgraded.
d/ccache-4.4.2-x86_64-1.txz: Upgraded.
d/meson-0.59.2-x86_64-1.txz: Upgraded.
l/gc-8.0.6-x86_64-1.txz: Upgraded.
l/mlt-7.0.1-x86_64-2.txz: Rebuilt.
Fixed man page installation. Thanks to GazL and Markus Wiesner.
l/netpbm-10.96.00-x86_64-1.txz: Upgraded.
n/epic5-2.1.5-x86_64-2.txz: Rebuilt.
Fixed man page installation. Thanks to GazL and kaott.
n/openssh-8.8p1-x86_64-2.txz: Rebuilt.
Add pam_elogind.so to /etc/pam.d/sshd to track user sessions over ssh,
properly set the XDG_ variables, and create the runtime directory.
Thanks to davjohn.
xap/NetworkManager-openvpn-1.8.16-x86_64-1.txz: Upgraded.
n/nftables-1.0.0-x86_64-2.txz: Rebuilt.
Added options --with-json and --enable-python needed for firewalld.
Thanks to stormtracknole.
xap/mozilla-thunderbird-91.1.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.2/releasenotes/
a/kernel-generic-5.14.8-x86_64-1.txz: Upgraded.
a/kernel-huge-5.14.8-x86_64-1.txz: Upgraded.
a/kernel-modules-5.14.8-x86_64-1.txz: Upgraded.
ap/itstool-2.0.7-x86_64-1.txz: Upgraded.
d/kernel-headers-5.14.8-x86-1.txz: Upgraded.
k/kernel-source-5.14.8-noarch-1.txz: Upgraded.
l/libmtp-1.1.19-x86_64-1.txz: Upgraded.
n/getmail-6.18.4-x86_64-1.txz: Upgraded.
n/openssh-8.8p1-x86_64-1.txz: Upgraded.
Please note "Potentially-incompatible changes" from the release notes:
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/coreutils-9.0-x86_64-2.txz: Rebuilt.
DIR_COLORS: Add support for .tzst, .zst, .flv, and .m2t extensions.
Thanks to regdub.
a/elvis-2.2_0-x86_64-8.txz: Rebuilt.
Removed elvis.clr.orig. Thanks to ctrlaltca.
d/bison-3.8.2-x86_64-1.txz: Upgraded.
d/meson-0.59.1-x86_64-1.txz: Upgraded.
d/subversion-1.14.1-x86_64-4.txz: Rebuilt.
Added compile options --with-kwallet and --with-gnome-keyring (the latter was
already used by default). Thanks to rsts and Windu.
kde/plasma-desktop-5.22.5-x86_64-2.txz: Rebuilt.
Removed main.xml.orig. Thanks to ctrlaltca.
l/gst-plugins-bad-free-1.18.5-x86_64-1.txz: Added.
These are the "bad" GStreamer plugins that have free enough licenses to ship.
Thanks to Heinz Wiesinger.
l/gtk4-4.4.0-x86_64-1.txz: Upgraded.
l/libssh2-1.10.0-x86_64-1.txz: Upgraded.
n/lynx-2.9.0dev.9-x86_64-1.txz: Upgraded.
Based on testing here, this seems stable enough to include. Please let me
know if there are any new problems.
lynx.cfg: Add ASSUME_CHARSET:utf-8. Thanks to usr345.
Removed CHANGES.orig. Thanks to ctrlaltca.
xap/x3270-4.0ga14-x86_64-1.txz: Upgraded.
xap/xpdf-4.03-x86_64-3.txz: Rebuilt.
Removed .orig files. Thanks to ctrlaltca.
a/coreutils-9.0-x86_64-1.txz: Upgraded.
Thanks to GazL for pointing out where I needed to be looking in the code to
stick with the traditional (for us, anyway) ls quoting style.
n/ca-certificates-20210924-noarch-1.txz: Upgraded.
Removed DST_Root_CA_X3.crt.
n/cifs-utils-6.14-x86_64-1.txz: Upgraded.
a/kernel-firmware-20210923_0268c1b-noarch-1.txz: Upgraded.
d/parallel-20210922-noarch-1.txz: Upgraded.
l/pipewire-0.3.37-x86_64-1.txz: Upgraded.
l/python-urllib3-1.26.7-x86_64-1.txz: Upgraded.
xap/freerdp-2.4.0-x86_64-1.txz: Added.
This is needed for krdc to use RDP. Thanks to max242.
xfce/mousepad-0.5.7-x86_64-1.txz: Upgraded.
a/kernel-firmware-20210919_d526e04-noarch-1.txz: Upgraded.
l/gd-2.3.3-x86_64-2.txz: Rebuilt.
Applied upstream patch to restore macros used while building PHP.
Thanks to nobodino.
l/gjs-1.68.4-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_8-x86_64-1.txz: Upgraded.
l/python-charset-normalizer-2.0.6-x86_64-1.txz: Upgraded.
xfce/xfce4-whiskermenu-plugin-2.6.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.22.5-x86_64-2.txz: Rebuilt.
Patched to fix USB storage devices detected only once per session.
Thanks to ctrlaltca.
n/NetworkManager-1.32.10-x86_64-4.txz: Rebuilt.
Patched to shut down dhcpcd gracefully, and restored dhcpcd as the default
client when using NetworkManager on Slackware. In this case I'll swim
upstream if it means better security. Who knows what your DHCP server might
attempt when it comes to public WiFi? :-)
Thanks to Roy Marples and marav.
n/gnupg2-2.2.31-x86_64-1.txz: Upgraded.
xap/pidgin-2.14.7-x86_64-1.txz: Upgraded.
a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt.
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal.
ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.36-x86_64-1.txz: Upgraded.
n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.
n/httpd-2.4.49-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *)
x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
a/etc-15.0-x86_64-17.txz: Rebuilt.
Added named:named (53:53) user and group.
a/kernel-firmware-20210915_198ac65-noarch-1.txz: Upgraded.
a/kernel-generic-5.14.4-x86_64-1.txz: Upgraded.
a/kernel-huge-5.14.4-x86_64-1.txz: Upgraded.
a/kernel-modules-5.14.4-x86_64-1.txz: Upgraded.
ap/sudo-1.9.8-x86_64-1.txz: Upgraded.
d/kernel-headers-5.14.4-x86-1.txz: Upgraded.
k/kernel-source-5.14.4-noarch-1.txz: Upgraded.
kde/breeze-icons-5.85.0-noarch-2.txz: Rebuilt.
Patched with upstream commit to allow using this icon theme with Xfce.
l/fluidsynth-2.2.3-x86_64-1.txz: Upgraded.
l/python-charset-normalizer-2.0.5-x86_64-1.txz: Upgraded.
l/qca-2.3.4-x86_64-1.txz: Upgraded.
n/NetworkManager-1.32.10-x86_64-3.txz: Rebuilt.
Switch to dhcp=internal to avoid problems swimming upstream.
For those looking for a fix to continue using dhcpcd, a PRIVSEP build
variable was added to the SlackBuild, and you may produce a fully
NetworkManager compatible dhcpcd package with this command:
PRIVSEP=no ./dhcpcd.SlackBuild
Privilege separation remains the dhcpcd package default as we don't want
to weaken security for those using rc.inet1 along with dhcpcd.
Some additional comments about this were added to 00-dhcp-client.conf
mentioning this and the workaround of killing dhcpcd manually when
resuming with the stock dhcpcd package.
n/bind-9.16.21-x86_64-1.txz: Upgraded.
Fixed call to rndc-confgen in the install script.
Make /etc/rndc.key owned by named:named.
Run named as named:named by default (configurable in /etc/default/named).
rc.bind: chown /run/named and /var/named to configured user:group.
Thanks to Ressy for prompting this cleanup. :)
n/curl-7.79.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
clear the leftovers pointer when sending succeeds.
do not ignore --ssl-reqd.
reject STARTTLS server response pipelining.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
(* Security fix *)
n/links-2.24-x86_64-1.txz: Upgraded.
n/wireguard-tools-1.0.20210914-x86_64-1.txz: Upgraded.
x/libinput-1.19.0-x86_64-1.txz: Upgraded.
xap/gimp-2.10.28-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/grub-2.06-x86_64-4.txz: Rebuilt.
Install file in /etc/grub.d as .new so that they won't be clobbered by
future package updates.
Patch grub-mkconfig to skip .new files in /etc/grub.d.
Thanks to denydias.
d/bison-3.7.6-x86_64-1.txz: Upgraded.
Reverted bison-3.8 since it breaks building glibc. Looks like I picked the
wrong week to upgrade bison. ;-)
Thanks to nobodino.
l/jansson-2.14-x86_64-1.txz: Upgraded.
l/libcap-2.57-x86_64-1.txz: Upgraded.
l/liburing-2.1-x86_64-1.txz: Upgraded.
xap/libnma-1.8.32-x86_64-2.txz: Rebuilt.
Added glib-compile-schemas to the install script. Thanks to bormant.
xap/network-manager-applet-1.24.0-x86_64-2.txz: Rebuilt.
Removed glib-compile-schemas from the install script. Thanks to bormant.
d/python-setuptools-58.0.2-x86_64-1.txz: Upgraded.
l/SDL2_mixer-2.0.4-x86_64-5.txz: Rebuilt.
Rebuilt to fix embedded shared library .so-versions used for dynamic loading.
Thanks to teeemcee.
l/fuse3-3.10.5-x86_64-1.txz: Upgraded.
l/harfbuzz-2.9.1-x86_64-1.txz: Upgraded.
l/poppler-data-0.4.11-noarch-1.txz: Upgraded.
l/sdl-1.2.15-x86_64-12.txz: Rebuilt.
Rebuilt to fix embedded shared library .so-versions in libSDL_mixer-1.2.so.0
used for dynamic loading. Thanks to teeemcee.
n/libqmi-1.30.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.0/releasenotes/
(* Security fix *)