kde/kalk-23.04.0-x86_64-1.txz: Removed.
kde/ktextaddons-1.2.1-x86_64-1.txz: Upgraded.
Revert to this version until a newer one works.
kde/qcoro-0.9.0-x86_64-1.txz: Upgraded.
l/iso-codes-4.15.0-noarch-1.txz: Upgraded.
n/lynx-2.9.0dev.12-x86_64-1.txz: Upgraded.
x/xdpyinfo-1.3.4-x86_64-1.txz: Upgraded.
x/xinput-1.6.4-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-4.txz: Rebuilt.
makepkg: also let xz decide how many threads to use on ARM platforms aarch64
and riscv64. Thanks to Stuart Winter.
installpkg: fix reversed test for if a --threads option was given. It appears
that it's been wrong for years but since xz didn't support threaded
decompression yet it wasn't noticed.
a/xz-5.4.1-x86_64-2.txz: Rebuilt.
Reduce default verbosity from V_WARNING to V_ERROR to avoid sending non-fatal
memory usage information to stderr.
kde/plasma-wayland-protocols-1.10.0-x86_64-1.txz: Upgraded.
l/exiv2-0.27.6-x86_64-1.txz: Upgraded.
l/tdb-1.4.8-x86_64-1.txz: Upgraded.
x/igt-gpu-tools-1.27.1-x86_64-1.txz: Upgraded.
x/libX11-1.8.3-x86_64-2.txz: Rebuilt.
[PATCH] Fix a9e845 and 797755 Allow X*IfEvent() to reenter libX11
Thanks to marav.
d/p2c-2.02-x86_64-1.txz: Upgraded.
kde/dolphin-22.12.0-x86_64-2.txz: Rebuilt.
[PATCH] Revert "portalize drag urls"
Thanks to marav.
l/gst-plugins-bad-free-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.20.5-x86_64-1.txz: Upgraded.
l/gstreamer-1.20.5-x86_64-1.txz: Upgraded.
l/libqalculate-4.5.0-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-1.txz: Upgraded.
l/sdl-1.2.15-x86_64-14.txz: Rebuilt.
This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
By crafting a malicious .BMP file, an attacker can cause the application
using this library to crash, denial of service, or code execution.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33657
(* Security fix *)
n/gnupg2-2.2.41-x86_64-1.txz: Upgraded.
n/libksba-1.6.3-x86_64-1.txz: Upgraded.
Fix another integer overflow in the CRL's signature parser.
(* Security fix *)
x/libSM-1.2.4-x86_64-1.txz: Upgraded.
x/xcb-util-0.4.1-x86_64-1.txz: Upgraded.
x/xdriinfo-1.0.7-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.7-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
d/cbindgen-0.24.3-x86_64-1.txz: Added.
d/python3-3.9.16-x86_64-1.txz: Upgraded.
This update fixes security issues:
gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680
(heap use-after-free).
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio
related name resolution functions no longer involves a quadratic algorithm
to fix CVE-2022-45061. This prevents a potential CPU denial of service if an
out-of-spec excessive length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name.
gh-100001: python -m http.server no longer allows terminal control characters
sent within a garbage request to be printed to the stderr server log.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the
gc module.
gh-97514: On Linux the multiprocessing module returns to using filesystem
backed unix domain sockets for communication with the forkserver process
instead of the Linux abstract socket namespace. Only code that chooses to use
the "forkserver" start method is affected. This prevents Linux CVE-2022-42919
(potential privilege escalation) as abstract sockets have no permissions and
could allow any user on the system in the same network namespace (often the
whole system) to inject code into the multiprocessing forkserver process.
Filesystem based socket permissions restrict this to the forkserver process
user as was the default in Python 3.8 and earlier.
gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix
CVE-2022-37454.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text
(filenames, MIME types, parameters) into shell commands to address
CVE-2015-20107. Instead of using such text, it will warn and act as if a
match was not found (or for test commands, as if the test failed).
For more information, see:
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-43680https://www.cve.org/CVERecord?id=CVE-2022-45061https://www.cve.org/CVERecord?id=CVE-2022-42919https://www.cve.org/CVERecord?id=CVE-2022-37454https://www.cve.org/CVERecord?id=CVE-2015-20107
(* Security fix *)
d/rust-bindgen-0.63.0-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/pcre2-10.41-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8-x86_64-1.txz: Upgraded.
x/mesa-22.3.0-x86_64-1.txz: Upgraded.
Compiled with Rusticl support. Thanks to Heinz Wiesinger.
x/xdm-1.1.14-x86_64-1.txz: Upgraded.
a/ntfs-3g-2022.10.3-x86_64-1.txz: Upgraded.
ap/mpg123-1.31.0-x86_64-1.txz: Upgraded.
ap/vim-9.0.0814-x86_64-1.txz: Upgraded.
A vulnerability was found in vim and classified as problematic. Affected by
this issue is the function qf_update_buffer of the file quickfix.c of the
component autocmd Handler. The manipulation leads to use after free. The
attack may be launched remotely. Upgrading to version 9.0.0805 is able to
address this issue.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-3705
(* Security fix *)
d/ccache-4.7.2-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-1.txz: Upgraded.
d/patchelf-0.16.1-x86_64-1.txz: Upgraded.
d/strace-6.0-x86_64-1.txz: Upgraded.
kde/kwin-5.26.2.1-x86_64-2.txz: Rebuilt.
[PATCH] x11window: revert more from 3a28c02f.
Thanks to Heinz Wiesinger.
[PATCH] x11: Don't force QT_NO_GLIB=1.
[PATCH] x11: Don't force QT_QPA_PLATFORM=xcb.
Thanks to marav.
l/libedit-20221030_3.1-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-5.0.0-x86_64-1.txz: Upgraded.
l/taglib-1.13-x86_64-1.txz: Upgraded.
l/utf8proc-2.8.0-x86_64-1.txz: Upgraded.
n/openvpn-2.5.8-x86_64-1.txz: Upgraded.
n/socat-1.7.4.4-x86_64-1.txz: Upgraded.
x/libXext-1.3.5-x86_64-1.txz: Upgraded.
x/libXinerama-1.1.5-x86_64-1.txz: Upgraded.
x/makedepend-1.0.7-x86_64-1.txz: Upgraded.
x/rgb-1.1.0-x86_64-1.txz: Upgraded.
x/sessreg-1.1.3-x86_64-1.txz: Upgraded.
x/x11perf-1.6.2-x86_64-1.txz: Upgraded.
x/xsetroot-1.1.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0.3/releasenotes/
xap/mozilla-thunderbird-102.4.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
xap/vim-gvim-9.0.0814-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.25-x86_64-1.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
extra/php81/php81-8.1.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
ap/vim-9.0.0790-x86_64-1.txz: Upgraded.
d/ccache-4.7-x86_64-1.txz: Upgraded.
d/git-2.38.1-x86_64-1.txz: Upgraded.
This release fixes two security issues:
* CVE-2022-39253:
When relying on the `--local` clone optimization, Git dereferences
symbolic links in the source repository before creating hardlinks
(or copies) of the dereferenced link in the destination repository.
This can lead to surprising behavior where arbitrary files are
present in a repository's `$GIT_DIR` when cloning from a malicious
repository.
Git will no longer dereference symbolic links via the `--local`
clone mechanism, and will instead refuse to clone repositories that
have symbolic links present in the `$GIT_DIR/objects` directory.
Additionally, the value of `protocol.file.allow` is changed to be
"user" by default.
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
(* Security fix *)
kde/bluedevil-5.26.1-x86_64-1.txz: Upgraded.
kde/breeze-5.26.1-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.26.1-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.26.1-x86_64-1.txz: Upgraded.
kde/drkonqi-5.26.1-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.26.1-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.26.1-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.26.1-x86_64-1.txz: Upgraded.
kde/kdecoration-5.26.1-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.26.1-x86_64-1.txz: Upgraded.
kde/kgamma5-5.26.1-x86_64-1.txz: Upgraded.
kde/khotkeys-5.26.1-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.26.1-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.26.1-x86_64-1.txz: Upgraded.
kde/kpipewire-5.26.1-x86_64-1.txz: Upgraded.
kde/kscreen-5.26.1-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.26.1-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.26.1-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.26.1-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.26.1-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.26.1-x86_64-1.txz: Upgraded.
kde/kwin-5.26.1-x86_64-1.txz: Upgraded.
kde/kwrited-5.26.1-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.26.1-x86_64-1.txz: Upgraded.
kde/libkscreen-5.26.1-x86_64-1.txz: Upgraded.
kde/libksysguard-5.26.1-x86_64-1.txz: Upgraded.
kde/milou-5.26.1-x86_64-1.txz: Upgraded.
kde/oxygen-5.26.1-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.26.1-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz: Upgraded.
kde/powerdevil-5.26.1-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.26.1-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.26.1-x86_64-1.txz: Upgraded.
kde/systemsettings-5.26.1-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz: Upgraded.
l/libical-3.0.16-x86_64-1.txz: Upgraded.
l/nodejs-19.0.0-x86_64-1.txz: Upgraded.
n/NetworkManager-1.40.2-x86_64-1.txz: Upgraded.
n/whois-5.5.14-x86_64-1.txz: Upgraded.
x/libXmu-1.1.4-x86_64-1.txz: Upgraded.
x/libXpresent-1.0.1-x86_64-1.txz: Upgraded.
x/libpciaccess-0.17-x86_64-1.txz: Upgraded.
x/libxkbfile-1.1.1-x86_64-1.txz: Upgraded.
x/libxshmfence-1.3.1-x86_64-1.txz: Upgraded.
x/pixman-0.42.0-x86_64-1.txz: Upgraded.
x/xcb-util-cursor-0.1.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2022-44/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
(* Security fix *)
xap/vim-gvim-9.0.0790-x86_64-1.txz: Upgraded.
ap/inxi-3.3.22_1-noarch-1.txz: Upgraded.
n/conntrack-tools-1.4.7-x86_64-1.txz: Upgraded.
n/libgpg-error-1.46-x86_64-1.txz: Upgraded.
n/libksba-1.6.2-x86_64-1.txz: Upgraded.
Detect a possible overflow directly in the TLV parser.
This patch detects possible integer overflows immmediately when creating
the TI object.
Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929
(* Security fix *)
n/postfix-3.7.3-x86_64-1.txz: Upgraded.
x/freeglut-3.4.0-x86_64-1.txz: Upgraded.
x/fstobdf-1.0.7-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-105.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/105.0.3/releasenotes/
a/aaa_glibc-solibs-2.36-x86_64-3.txz: Rebuilt.
a/kernel-generic-5.19.6-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.6-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.6-x86_64-1.txz: Upgraded.
d/git-2.37.3-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.6-x86-1.txz: Upgraded.
d/ninja-1.11.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.19.6-noarch-1.txz: Upgraded.
kde/krename-5.0.2-x86_64-1.txz: Upgraded.
l/glibc-2.36-x86_64-3.txz: Rebuilt.
Applied all post-release patches from the 2.36 branch.
This fixes a security issue introduced in glibc-2.36: When the syslog
function is passed a crafted input string larger than 1024 bytes, it
reads uninitialized memory from the heap and prints it to the target log
file, potentially revealing a portion of the contents of the heap.
Thanks to marav.
The patches also help with several packages failing to build from source.
Thanks to nobodino.
l/glibc-i18n-2.36-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.36-x86_64-3.txz: Rebuilt.
l/libssh-0.10.1-x86_64-1.txz: Upgraded.
n/curl-7.85.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
control code in cookie denial of service.
For more information, see:
https://curl.se/docs/CVE-2022-35252.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
(* Security fix *)
x/fcitx5-gtk-5.0.18-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.0.15-x86_64-1.txz: Upgraded.
x/ico-1.0.6-x86_64-1.txz: Upgraded.
x/libdrm-2.4.113-x86_64-1.txz: Upgraded.
x/libfontenc-1.1.6-x86_64-1.txz: Upgraded.
x/oclock-1.0.5-x86_64-1.txz: Upgraded.
x/showfont-1.0.6-x86_64-1.txz: Upgraded.
x/xmh-1.0.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/mcelog-187-x86_64-1.txz: Upgraded.
l/zlib-1.2.12-x86_64-2.txz: Rebuilt.
Applied an upstream patch to restore the handling of CRC inputs to be the
same as in previous releases of zlib. This fixes an issue with OpenJDK.
Thanks to alienBOB.
x/xf86-input-wacom-1.1.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.1.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.1.2/releasenotes/
Hey folks, here's that graphics stack upgrade that you've been waiting for!
After looking at what drivers are currently shipped by other projects, I took
an axe to the driver list. Some of the removed drivers will still compile even
though they are abandoned, and some of the others are still getting git commits
(which allows *some* of them to compile). The removed stuff mostly looks
obsolete to me (we really can't support ancient hardware forever). But if you
think I've gone too far with any of these removals, please make or contribute
to a thread about it on LQ and I'll take any comments there into consideration.
a/kernel-firmware-20220808_e6857b6-noarch-1.txz: Upgraded.
ap/vim-9.0.0174-x86_64-1.txz: Upgraded.
l/gnu-efi-3.0.15-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.3-x86_64-1.txz: Upgraded.
n/mutt-2.2.7-x86_64-1.txz: Upgraded.
x/egl-wayland-1.1.10-x86_64-1.txz: Upgraded.
x/libdrm-2.4.112-x86_64-1.txz: Upgraded.
x/libglvnd-1.4.0-x86_64-1.txz: Upgraded.
x/mesa-22.1.5-x86_64-1.txz: Upgraded.
Includes Mesa amber 21.3.9 DRI drivers, and mesa-demos-8.5.0.
Thanks to LuckyCyborg for posting some valuable hints on LQ.
x/xcb-proto-1.15.2-x86_64-1.txz: Upgraded.
x/xf86-input-acecad-1.5.0-x86_64-14.txz: Removed.
x/xf86-input-evdev-2.10.6-x86_64-4.txz: Rebuilt.
x/xf86-input-joystick-1.6.3-x86_64-5.txz: Removed.
x/xf86-input-keyboard-1.9.0-x86_64-5.txz: Removed.
x/xf86-input-libinput-1.2.1-x86_64-2.txz: Rebuilt.
x/xf86-input-mouse-1.9.3-x86_64-3.txz: Removed.
x/xf86-input-penmount-1.5.0-x86_64-14.txz: Removed.
x/xf86-input-synaptics-1.9.2-x86_64-1.txz: Upgraded.
x/xf86-input-vmmouse-13.1.0-x86_64-9.txz: Removed.
x/xf86-input-void-1.4.1-x86_64-3.txz: Removed.
x/xf86-input-wacom-1.0.0-x86_64-2.txz: Rebuilt.
x/xf86-video-amdgpu-22.0.0-x86_64-2.txz: Rebuilt.
x/xf86-video-apm-1.3.0-x86_64-3.txz: Removed.
x/xf86-video-ark-0.7.5-x86_64-13.txz: Removed.
x/xf86-video-ast-1.1.5-x86_64-7.txz: Removed.
x/xf86-video-ati-20220730_7a6a34af-x86_64-1.txz: Upgraded.
x/xf86-video-chips-1.4.0-x86_64-3.txz: Removed.
x/xf86-video-cirrus-1.5.3-x86_64-7.txz: Removed.
x/xf86-video-dummy-0.4.0-x86_64-2.txz: Rebuilt.
x/xf86-video-glint-1.2.9-x86_64-5.txz: Removed.
x/xf86-video-i128-1.4.0-x86_64-3.txz: Removed.
x/xf86-video-i740-1.4.0-x86_64-3.txz: Removed.
x/xf86-video-intel-20210115_31486f40-x86_64-1.txz: Upgraded.
x/xf86-video-mach64-6.9.6-x86_64-3.txz: Removed.
x/xf86-video-mga-2.0.0-x86_64-3.txz: Removed.
x/xf86-video-neomagic-1.3.0-x86_64-3.txz: Removed.
x/xf86-video-nouveau-20220125_29cc528-x86_64-1.txz: Upgraded.
x/xf86-video-nv-2.1.21-x86_64-5.txz: Removed.
x/xf86-video-openchrome-0.6.0-x86_64-6.txz: Rebuilt.
x/xf86-video-r128-6.12.0-x86_64-3.txz: Removed.
x/xf86-video-rendition-4.2.7-x86_64-3.txz: Removed.
x/xf86-video-s3-0.7.0-x86_64-3.txz: Removed.
x/xf86-video-s3virge-1.11.0-x86_64-3.txz: Removed.
x/xf86-video-savage-20190128_8579718-x86_64-3.txz: Removed.
x/xf86-video-siliconmotion-1.7.9-x86_64-5.txz: Removed.
x/xf86-video-sis-0.12.0-x86_64-3.txz: Removed.
x/xf86-video-sisusb-0.9.7-x86_64-5.txz: Removed.
x/xf86-video-tdfx-1.5.0-x86_64-3.txz: Removed.
x/xf86-video-tga-1.2.2-x86_64-13.txz: Removed.
x/xf86-video-trident-1.3.8-x86_64-5.txz: Removed.
x/xf86-video-tseng-1.2.5-x86_64-13.txz: Removed.
x/xf86-video-v4l-0.3.0-x86_64-3.txz: Removed.
x/xf86-video-vboxvideo-1.0.0-x86_64-5.txz: Removed.
x/xf86-video-vesa-2.5.0-x86_64-4.txz: Rebuilt.
x/xf86-video-vmware-20220621_ff5637a-x86_64-1.txz: Upgraded.
x/xf86-video-voodoo-1.2.5-x86_64-14.txz: Removed.
x/xorg-server-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xephyr-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-22.1.3-x86_64-1.txz: Upgraded.
x/xorgproto-2022.1-x86_64-1.txz: Upgraded.
xap/geeqie-2.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-103.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/103.0.2/releasenotes/
xap/vim-gvim-9.0.0174-x86_64-1.txz: Upgraded.
extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-2.txz: Rebuilt.
a/openssl-solibs-1.1.1o-x86_64-1.txz: Upgraded.
ap/sqlite-3.38.4-x86_64-1.txz: Upgraded.
d/mercurial-6.1.2-x86_64-1.txz: Upgraded.
l/libnice-0.1.19-x86_64-1.txz: Upgraded.
n/openssl-1.1.1o-x86_64-1.txz: Upgraded.
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
(* Security fix *)
x/libxcb-1.15-x86_64-1.txz: Upgraded.
x/xcb-proto-1.15-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.9.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.9.0/releasenotes/
(* Security fix *)
xap/seamonkey-2.53.12-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.12
(* Security fix *)
kde/calligra-3.2.1-x86_64-16.txz: Rebuilt.
Recompiled against openexr-3.1.5.
Thanks to Heinz Wiesinger for the link to the patch.
kde/kimageformats-5.93.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.1.5.
kde/kio-extras-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.5 and openexr-3.1.5.
kde/kjots-20220430_da83a5f-x86_64-1.txz: Upgraded.
kde/krita-5.0.6-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.5 and openexr-3.1.5.
kde/umbrello-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against kdevelop-22.04.0.
l/Imath-3.1.5-x86_64-1.txz: Added.
This library was split out from OpenEXR.
l/SDL2-2.0.22-x86_64-2.txz: Rebuilt.
Recompiled with -DSDL_STATIC=OFF. Thanks to jkh2cpu.
l/freetype-2.12.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.36-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.1.5.
l/gst-plugins-bad-free-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.5 and openexr-3.1.5.
l/imagemagick-7.1.0_32-x86_64-1.txz: Upgraded.
Compiled against Imath-3.1.5 and openexr-3.1.5.
l/opencv-4.5.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.1.5.
l/openexr-3.1.5-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Compiled against Imath-3.1.5.
l/speech-dispatcher-0.11.1-x86_64-1.txz: Upgraded.
n/cifs-utils-6.15-x86_64-1.txz: Upgraded.
n/mutt-2.2.4-x86_64-1.txz: Upgraded.
x/bitmap-1.1.0-x86_64-1.txz: Upgraded.
xap/gimp-2.10.30-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.5 and openexr-3.1.5.
l/espeak-ng-1.51-x86_64-1.txz: Upgraded.
n/ca-certificates-20220403-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
x/libX11-1.7.5-x86_64-1.txz: Upgraded.
x/libXcursor-1.2.1-x86_64-1.txz: Upgraded.
xfce/thunar-4.16.11-x86_64-1.txz: Upgraded.