ap/hplip-3.19.12-x86_64-1.txz: Upgraded.
ap/pamixer-1.4-x86_64-4.txz: Rebuilt.
Recompiled against boost-1.72.0.
ap/vim-8.2.0000-x86_64-1.txz: Upgraded.
d/bison-3.5-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-33.txz: Rebuilt.
Recompiled against boost-1.72.0.
l/akonadi-1.13.0-x86_64-14.txz: Rebuilt.
Recompiled against boost-1.72.0.
l/boost-1.72.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libssh-0.9.3-x86_64-1.txz: Upgraded.
This fixes a security issue (low impact according to upstream):
Unsanitized location in scp could lead to unwanted command execution.
In addition, the 0.9.3 release benefited from a security audit sponsored
by the Mozilla Open Source Support program. The audit results were used
to improve the overall security and code quality of libssh.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14889
(* Security fix *)
n/libqmi-1.24.2-x86_64-1.txz: Upgraded.
x/compiz-0.8.16.1-x86_64-1.txz: Upgraded.
x/mesa-19.3.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.0000-x86_64-1.txz: Upgraded.
l/dconf-0.34.0-x86_64-2.txz: Rebuilt.
Rebuilt using the sed replacements suggested by LFS. This fixes a
subsequent build of dconf-editor.
l/glib-networking-2.62.2-x86_64-1.txz: Upgraded.
n/samba-4.11.3-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Samba AD DC zone-named record Denial of Service in DNS management server.
DelegationNotAllowed was not enforced in protocol transition on Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870
(* Security fix *)
x/vulkan-sdk-1.1.126.0-x86_64-1.txz: Upgraded.
a/aaa_elflibs-15.0-x86_64-14.txz: Rebuilt.
Upgraded: libglib-2.0.so.0.6200.2, libgmodule-2.0.so.0.6200.2,
libgobject-2.0.so.0.6200.2, libgthread-2.0.so.0.6200.2.
Added: libgomp.so.1.0.0.
a/kernel-firmware-20191029_4065643-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.81-x86_64-1.txz: Upgraded.
ap/sudo-1.8.29-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.81-x86-1.txz: Upgraded.
d/python-setuptools-41.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.81-noarch-1.txz: Upgraded.
l/harfbuzz-2.6.3-x86_64-1.txz: Upgraded.
n/samba-4.11.2-x86_64-1.txz: Upgraded.
This update fixes bugs and these security issues:
Client code can return filenames containing path separators.
Samba AD DC check password script does not receive the full password.
User with "get changes" permission can crash AD DC LDAP server via dirsync.
For more information, see:
https://www.samba.org/samba/security/CVE-2019-10218.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218https://www.samba.org/samba/security/CVE-2019-14833.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833https://www.samba.org/samba/security/CVE-2019-14847.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847
(* Security fix *)
x/libglvnd-1.2.0-x86_64-4.txz: Rebuilt.
Applied upstream patches to fix EGL/eglplatform.h.
x/xorg-server-1.20.5-x86_64-3.txz: Rebuilt.
#define EGL_NO_X11 to fix glamor build against libglvnd-1.2.0.
x/xorg-server-xephyr-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-1.20.5-x86_64-3.txz: Rebuilt.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/imagemagick-6.9.10_70-x86_64-1.txz: Upgraded.
x/libinput-1.14.3-x86_64-1.txz: Upgraded.
x/mkfontdir-1.0.7-noarch-2.txz: Removed.
The mkfontdir wrapper script and man page are provided by recent versions
of the mkfontscale package, making the mkfontdir package redundant.
Thanks to DarkVision.
x/mkfontscale-1.2.1-x86_64-2.txz: Rebuilt.
Moved the mkfontdir install script to this package since it includes the
mkfontdir wrapper script now.
xap/gimp-2.10.14-x86_64-1.txz: Upgraded.
d/vala-0.46.3-x86_64-1.txz: Upgraded.
l/libsoup-2.68.2-x86_64-1.txz: Upgraded.
n/openssh-8.1p1-x86_64-1.txz: Upgraded.
ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory side-channel attacks like
Spectre, Meltdown and Rambleed. This release encrypts private keys
when they are not in use with a symmetric key that is derived from a
relatively large "prekey" consisting of random data (currently 16KB).
x/libXvMC-1.0.12-x86_64-3.txz: Rebuilt.
Reverted to the stock xvmc.pc since Mesa has been fixed to work with it.
x/libglvnd-1.2.0-x86_64-2.txz: Rebuilt.
x/mesa-19.2.1-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.8.24-x86_64-1.txz: Upgraded.
d/llvm-9.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to orbea for getting this working and cleaning up the build script.
d/vala-0.46.2-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_67-x86_64-1.txz: Upgraded.
Fixed --disable-opencl configure option. Thanks to Markus Wiesner for the
bug report and to upstream for the quick fix.
n/NetworkManager-1.20.4-x86_64-1.txz: Upgraded.
n/gnutls-3.6.10-x86_64-1.txz: Upgraded.
x/freeglut-3.2.1-x86_64-1.txz: Upgraded.
x/libglvnd-1.1.1-x86_64-2.txz: Upgraded.
Reverted to this version since I'm seeing some errors linking with Mesa
libraries with the newer one. Thanks to nobodino for the bug report.
x/mesa-19.2.0-x86_64-2.txz: Rebuilt.
Recompiled against llvm-9.0.0 and libglvnd-1.1.1.
x/xf86-video-vmware-13.3.0-x86_64-3.txz: Rebuilt.
Recompiled against llvm-9.0.0.
a/kernel-firmware-20190717_bf13a71-noarch-1.txz: Upgraded.
ap/mpg123-1.25.11-x86_64-1.txz: Upgraded.
l/gvfs-1.40.2-x86_64-2.txz: Rebuilt.
daemon/meson.build: define gvfs_rpath for libgvfsdaemon.so
This fixes "libgvfscommon.so => not found" running ldd on libgvfsdaemon.so.
Thanks to Robby Workman.
n/bind-9.14.4-x86_64-1.txz: Upgraded.
x/libpciaccess-0.16-x86_64-1.txz: Upgraded.
x/xinput-1.6.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.0.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.0.1esr/releasenotes/
extra/pure-alsa-system/mpg123-1.25.11-x86_64-1_alsa.txz: Upgraded.
l/giflib-5.2.1-x86_64-2.txz: Rebuilt.
Install obsolete utilities (if they were built).
If you'd like to see them continued, let upstream know.
l/libarchive-3.4.0-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
l/libzip-1.5.2-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
n/gnutls-3.6.8-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
n/nettle-3.5-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
x/xorg-server-1.20.5-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
x/xorg-server-xephyr-1.20.5-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
x/xorg-server-xnest-1.20.5-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
x/xorg-server-xvfb-1.20.5-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
extra/tigervnc/tigervnc-1.9.0-x86_64-2.txz: Rebuilt.
Recompiled against nettle-3.5.
a/kernel-firmware-20190620_7ae3a09-noarch-1.txz: Upgraded.
l/cairo-1.16.0-x86_64-1.txz: Upgraded.
Reverted to previous cairo to fix Mozilla crashes.
x/igt-gpu-tools-1.24-x86_64-2.txz: Rebuilt.
Rebuilt against cairo-1.16.0.
l/cairo-1.17.2-x86_64-1.txz: Upgraded.
l/expat-2.2.7-x86_64-1.txz: Upgraded.
n/bind-9.14.3-x86_64-1.txz: Upgraded.
Fixed a race condition in dns_dispatch_getnext() that could cause an
assertion failure if a significant number of incoming packets were rejected.
For more information, see:
https://kb.isc.org/docs/cve-2019-6471https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471
(* Security fix *)
x/igt-gpu-tools-1.24-x86_64-1.txz: Upgraded.
x/xorgproto-2019.1-x86_64-1.txz: Upgraded.
xap/xlockmore-5.57-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2019a-noarch-1.txz: Upgraded.
a/grub-2.02-x86_64-5.txz: Rebuilt.
Support F2FS filesystem. Thanks to Nille_kungen.
ap/cups-filters-1.22.5-x86_64-1.txz: Upgraded.
ap/itstool-2.0.6-x86_64-1.txz: Upgraded.
d/python-setuptools-41.0.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.60.1-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_39-x86_64-1.txz: Upgraded.
l/libcroco-0.6.13-x86_64-1.txz: Upgraded.
l/libnotify-0.7.8-x86_64-1.txz: Upgraded.
n/cifs-utils-6.9-x86_64-1.txz: Upgraded.
n/nfs-utils-2.3.3-x86_64-2.txz: Rebuilt.
Include recovery directory. Thanks to upnort.
n/samba-4.10.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
World writable files in Samba AD DC private/ dir.
Save registry file outside share as unprivileged user.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3870https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3880
(* Security fix *)
x/libva-2.4.1-x86_64-1.txz: Upgraded.
x/pixman-0.38.2-x86_64-1.txz: Upgraded.
xap/gimp-2.10.10-x86_64-1.txz: Upgraded.
Saint Patrick was a gentleman
Who through strategy and stealth
Drove all the snakes from Ireland
Here's toasting to his health -
But not too many toastings
Lest you lose yourself, and then,
Forget the good Saint Patrick
And see all those snakes again.
a/eudev-3.2.7-x86_64-3.txz: Rebuilt.
Added tqmx86_wdt to watchdog.conf. Thanks to Robby Workman.
d/vala-0.44.1-x86_64-1.txz: Upgraded.
kde/ktorrent-4.3.1-x86_64-4.txz: Rebuilt.
Embed a copy of the GeoIP database since the download link no longer works.
l/glibmm-2.58.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.43-x86_64-1.txz: Upgraded.
x/imake-1.0.8-x86_64-1.txz: Upgraded.
x/libXdmcp-1.1.3-x86_64-1.txz: Upgraded.
x/libXext-1.3.4-x86_64-1.txz: Upgraded.
x/libXft-2.3.3-x86_64-1.txz: Upgraded.
x/libXmu-1.1.3-x86_64-1.txz: Upgraded.
x/libXrandr-1.5.2-x86_64-1.txz: Upgraded.
x/libXvMC-1.0.11-x86_64-1.txz: Upgraded.
x/libXxf86dga-1.1.5-x86_64-1.txz: Upgraded.
x/libxkbfile-1.1.0-x86_64-1.txz: Upgraded.
x/makedepend-1.0.6-x86_64-1.txz: Upgraded.
x/x11perf-1.6.1-x86_64-1.txz: Upgraded.
x/xf86-video-intel-20190301_6afed33b-x86_64-1.txz: Upgraded.
x/xf86-video-savage-20190128_8579718-x86_64-1.txz: Upgraded.
x/xf86-video-sis-20181217_22d3c79-x86_64-1.txz: Upgraded.
x/xtrans-1.4.0-noarch-1.txz: Upgraded.
a/hwdata-0.321-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.27-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.27-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.27-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.27-x86-1.txz: Upgraded.
k/kernel-source-4.19.27-noarch-1.txz: Upgraded.
l/M2Crypto-0.32.0-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_32-x86_64-1.txz: Upgraded.
n/dovecot-2.3.5-x86_64-1.txz: Upgraded.
x/xdm-1.1.11-x86_64-9.txz: Rebuilt.
Reverted to xdm-1.1.11, as the new release after 7 years has some issues.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/mkinitrd-1.4.11-x86_64-12.txz: Rebuilt.
Updated to busybox-1.30.1.
mkinitrd: allow a colon-delimited list of kernel versions with -k
mkinitrd_command_generator.sh: allow a colon-delimited list of kernel
versions with -k
setup.01.mkinitrd: simplify script by using -k with a version list
ap/pamixer-1.4-x86_64-1.txz: Upgraded.
d/python-2.7.16-x86_64-1.txz: Upgraded.
Updated to the latest 2.7.x release, which fixes a few security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010
(* Security fix *)
d/vala-0.42.6-x86_64-1.txz: Upgraded.
l/gegl-0.4.14-x86_64-1.txz: Upgraded.
l/libsecret-0.18.8-x86_64-1.txz: Upgraded.
l/xapian-core-1.4.11-x86_64-1.txz: Upgraded.
x/mkfontscale-1.2.0-x86_64-1.txz: Upgraded.
x/xditview-1.0.5-x86_64-1.txz: Upgraded.
x/xdm-1.1.12-x86_64-1.txz: Upgraded.
a/btrfs-progs-4.20.2-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1b-x86_64-1.txz: Upgraded.
ap/ddrescue-1.24-x86_64-1.txz: Upgraded.
ap/sqlite-3.27.2-x86_64-1.txz: Upgraded.
l/libssh-0.8.7-x86_64-1.txz: Upgraded.
l/talloc-2.1.16-x86_64-1.txz: Upgraded.
l/tdb-1.3.18-x86_64-1.txz: Upgraded.
l/tevent-0.9.39-x86_64-1.txz: Upgraded.
n/ca-certificates-20181210-noarch-2.txz: Rebuilt.
Use "c_rehash" rather than "openssl rehash" for compatibility with all
versions of OpenSSL.
n/epic5-2.1.1-x86_64-1.txz: Upgraded.
n/openssl-1.1.1b-x86_64-1.txz: Upgraded.
x/xorg-server-1.20.4-x86_64-1.txz: Upgraded.
x/xorg-server-xephyr-1.20.4-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.4-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-60.5.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/60.5.2/releasenotes/
a/glibc-solibs-2.29-x86_64-3.txz: Rebuilt.
ap/texinfo-6.6-x86_64-1.txz: Upgraded.
l/elfutils-0.176-x86_64-1.txz: Upgraded.
l/glibc-2.29-x86_64-3.txz: Rebuilt.
l/glibc-i18n-2.29-x86_64-3.txz: Rebuilt.
Go back to using the glibc.locale.no-archive.diff patch rather than the new
built-in no-archive locale target. Avoiding hardlinks is not worth 700MB of
useless bloat. Thanks to baldzhang.
l/glibc-profile-2.29-x86_64-3.txz: Rebuilt.
l/librsvg-2.44.13-x86_64-1.txz: Upgraded.
x/xf86-video-chips-1.4.0-x86_64-1.txz: Upgraded.
x/xf86-video-tdfx-1.5.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20190212_28f5f7d-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.21-x86_64-1.txz: Upgraded.
ap/lxc-2.0.9_d3a03247-x86_64-1.txz: Upgraded.
This update fixes a security issue where a malicious privileged container
could overwrite the host binary and thus gain root-level code execution on
the host. As the LXC project considers privileged containers to be unsafe
no CVE has been assigned for this issue for LXC. To prevent this attack,
LXC has been patched to create a temporary copy of the calling binary
itself when it starts or attaches to containers. To do this LXC creates an
anonymous, in-memory file using the memfd_create() system call and copies
itself into the temporary in-memory file, which is then sealed to prevent
further modifications. LXC then executes this sealed, in-memory file
instead of the original on-disk binary.
For more information, see:
https://seclists.org/oss-sec/2019/q1/119
(* Security fix *)
d/kernel-headers-4.19.21-x86-1.txz: Upgraded.
k/kernel-source-4.19.21-noarch-1.txz: Upgraded.
l/libbluray-1.1.0-x86_64-1.txz: Upgraded.
l/libcap-2.26-x86_64-2.txz: Rebuilt.
Don't ship static library.
l/xapian-core-1.4.10-x86_64-1.txz: Upgraded.
n/gnupg2-2.2.13-x86_64-1.txz: Upgraded.
n/irssi-1.2.0-x86_64-1.txz: Upgraded.
n/libassuan-2.5.3-x86_64-1.txz: Upgraded.
x/bitmap-1.0.9-x86_64-1.txz: Upgraded.
x/libXau-1.0.9-x86_64-1.txz: Upgraded.
x/pixman-0.38.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_elflibs-15.0-x86_64-3.txz: Rebuilt.
Moved libsigsegv.so.2 from /usr/lib{,64} to /lib{,64}.
Upgraded: libcap.so.2.26, libelf-0.175.so, libfuse.so.2.9.8,
libexpat.so.1.6.8, libglib-2.0.so.0.5800.2, libgmodule-2.0.so.0.5800.2,
libgobject-2.0.so.0.5800.2, libgthread-2.0.so.0.5800.2, libjpeg.so.62.3.0,
liblber-2.4.so.2.10.10, libldap-2.4.so.2.10.10, libpng16.so.16.36.0,
libstdc++.so.6.0.25, libtdb.so.1.3.16, libtiff.so.5.4.0,
libtiffxx.so.5.4.0, libturbojpeg.so.0.2.0.
ap/vim-8.1.0648-x86_64-1.txz: Upgraded.
d/nasm-2.14.02-x86_64-1.txz: Upgraded.
d/strace-4.26-x86_64-1.txz: Upgraded.
l/libsigsegv-2.12-x86_64-3.txz: Rebuilt.
Moved shared library into /lib{,64} to avoid problems when /usr is on a
separate partition. Thanks to TommyC7.
But please note: that has never been a recommended configuration (it was
always a bad idea prone to corner-case bugs), and with basically everyone
else moving everything into /usr, no upstream is developing with this
scenario in mind these days. Some of the problems caused by separate /usr
are simply not possibly to fix in a straightforward fashion. Consider it a
completely unsupported configuration choice. While it's not my style to
make the installer refuse to allow it, I won't be bending over backwards
to try to fix bugs related to this in the future. If I recall properly,
the original rationale was to make it possible for /usr to reside on a
shared network partition, which might have made sense back when 40MB was
a typical hard drive size. I can think of no good rationale now (and no,
I don't think making /usr read-only helps security in any tangible way).
n/wget-1.20.1-x86_64-1.txz: Upgraded.
x/xf86-video-chips-1.3.0-x86_64-1.txz: Upgraded.
x/xf86-video-neomagic-1.3.0-x86_64-1.txz: Upgraded.
x/xterm-341-x86_64-1.txz: Upgraded.
xap/audacious-3.10.1-x86_64-1.txz: Upgraded.
xap/audacious-plugins-3.10.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.0648-x86_64-1.txz: Upgraded.