a/ed-1.16-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.14-x86_64-3.txz: Rebuilt.
Rebuilt to add wayland backend.
l/libuv-1.34.2-x86_64-1.txz: Added.
This is needed by bind-9.16.0.
l/qt5-5.13.2-x86_64-2.txz: Rebuilt.
Rebuilt to add wayland support.
Use the system ffmpeg, not the bundled one.
n/bind-9.16.0-x86_64-1.txz: Upgraded.
rc.bind: don't change file ownerships in /var/named. Thanks to voegelas.
n/proftpd-1.3.6c-x86_64-1.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security fix *)
x/libinput-1.15.2-x86_64-1.txz: Upgraded.
x/xkbcomp-1.4.3-x86_64-1.txz: Upgraded.
testing/packages/PAM/proftpd-1.3.6c-x86_64-1_pam.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security fix *)
a/gptfdisk-1.0.5-x86_64-1.txz: Upgraded.
a/kernel-firmware-20200219_2277987-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.21-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.21-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.21-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-5.txz: Rebuilt.
a/util-linux-2.35.1-x86_64-4.txz: Rebuilt.
ap/cdparanoia-III_10.2-x86_64-3.txz: Rebuilt.
Moved man page from /usr/man/jp/man1/ to /usr/man/ja/man1/. Thanks to Xsane.
Don't ship the static libraries.
d/kernel-headers-5.4.21-x86-1.txz: Upgraded.
k/kernel-source-5.4.21-noarch-1.txz: Upgraded.
SND_SOC n -> m
SPI n -> y
VFIO_PCI_VGA n -> y
+ADE7854_SPI m
+ADT7316_SPI m
+BMC150_ACCEL_SPI m
+BMG160_SPI m
+BMP280_SPI m
+FXAS21002C_SPI m
+HTS221_SPI m
+IIO_ST_ACCEL_SPI_3AXIS m
+IIO_ST_GYRO_SPI_3AXIS m
+IIO_ST_MAGN_SPI_3AXIS m
+IIO_ST_PRESS_SPI m
+IIO_ST_SENSORS_SPI m
+INPUT_AD714X_SPI m
+INPUT_ADXL34X_SPI m
+KXSD9_SPI m
+REGMAP_SPI m
+SND_COMPRESS_OFFLOAD m
+SND_DESIGNWARE_I2S m
+SND_DESIGNWARE_PCM y
+SND_DMAENGINE_PCM m
+SND_HDA_EXT_CORE m
+SND_I2S_HI6210_I2S m
+SND_PCM_ELD y
+SND_PCM_IEC958 y
+SND_SIMPLE_CARD m
+SND_SIMPLE_CARD_UTILS m
+SND_SOC_AC97_BUS y
+SND_SOC_AC97_CODEC m
+SND_SOC_ACPI m
+SND_SOC_ACPI_INTEL_MATCH m
+SND_SOC_ADAU1761 m
+SND_SOC_ADAU1761_I2C m
+SND_SOC_ADAU1761_SPI m
+SND_SOC_ADAU17X1 m
+SND_SOC_ADAU7002 m
+SND_SOC_ADAU_UTILS m
+SND_SOC_AMD_ACP m
+SND_SOC_AMD_ACP3x m
+SND_SOC_AMD_CZ_DA7219MX98357_MACH m
+SND_SOC_AMD_CZ_RT5645_MACH m
+SND_SOC_BD28623 m
+SND_SOC_COMPRESS y
+SND_SOC_CROS_EC_CODEC m
+SND_SOC_CS35L34 m
+SND_SOC_CS35L35 m
+SND_SOC_CS35L36 m
+SND_SOC_CS42L42 m
+SND_SOC_CS43130 m
+SND_SOC_CX2072X m
+SND_SOC_DA7213 m
+SND_SOC_DA7219 m
+SND_SOC_DMIC m
+SND_SOC_ES7134 m
+SND_SOC_ES7241 m
+SND_SOC_ES8316 m
+SND_SOC_ES8328 m
+SND_SOC_ES8328_I2C m
+SND_SOC_ES8328_SPI m
+SND_SOC_GENERIC_DMAENGINE_PCM y
+SND_SOC_HDAC_HDA m
+SND_SOC_HDAC_HDMI m
+SND_SOC_HDMI_CODEC m
+SND_SOC_I2C_AND_SPI m
+SND_SOC_INTEL_APL m
+SND_SOC_INTEL_BDW_RT5677_MACH m
+SND_SOC_INTEL_BROADWELL_MACH m
+SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH m
+SND_SOC_INTEL_BXT_RT298_MACH m
+SND_SOC_INTEL_BYTCR_RT5640_MACH m
+SND_SOC_INTEL_BYTCR_RT5651_MACH m
+SND_SOC_INTEL_BYT_CHT_CX2072X_MACH m
+SND_SOC_INTEL_BYT_CHT_DA7213_MACH m
+SND_SOC_INTEL_BYT_CHT_ES8316_MACH m
+SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH m
+SND_SOC_INTEL_CFL m
+SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH m
+SND_SOC_INTEL_CHT_BSW_NAU8824_MACH m
+SND_SOC_INTEL_CHT_BSW_RT5645_MACH m
+SND_SOC_INTEL_CHT_BSW_RT5672_MACH m
+SND_SOC_INTEL_CML_H m
+SND_SOC_INTEL_CML_LP m
+SND_SOC_INTEL_CNL m
+SND_SOC_INTEL_DA7219_MAX98357A_GENERIC m
+SND_SOC_INTEL_GLK m
+SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH m
+SND_SOC_INTEL_HASWELL m
+SND_SOC_INTEL_HASWELL_MACH m
+SND_SOC_INTEL_KBL m
+SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH m
+SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH m
+SND_SOC_INTEL_KBL_RT5660_MACH m
+SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH m
+SND_SOC_INTEL_MACH y
+SND_SOC_INTEL_SKL m
+SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH m
+SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH m
+SND_SOC_INTEL_SKL_RT286_MACH m
+SND_SOC_INTEL_SKYLAKE m
+SND_SOC_INTEL_SKYLAKE_COMMON m
+SND_SOC_INTEL_SKYLAKE_FAMILY m
+SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC y
+SND_SOC_INTEL_SKYLAKE_SSP_CLK m
+SND_SOC_INTEL_SST m
+SND_SOC_INTEL_SST_ACPI m
+SND_SOC_INTEL_SST_FIRMWARE m
+SND_SOC_INTEL_SST_TOPLEVEL y
+SND_SOC_MAX9759 m
+SND_SOC_MAX98088 m
+SND_SOC_MAX98090 m
+SND_SOC_MAX98357A m
+SND_SOC_MAX98373 m
+SND_SOC_MAX9867 m
+SND_SOC_MAX98927 m
+SND_SOC_NAU8540 m
+SND_SOC_NAU8824 m
+SND_SOC_NAU8825 m
+SND_SOC_PCM1789 m
+SND_SOC_PCM1789_I2C m
+SND_SOC_PCM186X m
+SND_SOC_PCM186X_I2C m
+SND_SOC_PCM186X_SPI m
+SND_SOC_PCM3060 m
+SND_SOC_PCM3060_I2C m
+SND_SOC_PCM3060_SPI m
+SND_SOC_RL6231 m
+SND_SOC_RL6347A m
+SND_SOC_RT286 m
+SND_SOC_RT298 m
+SND_SOC_RT5640 m
+SND_SOC_RT5645 m
+SND_SOC_RT5651 m
+SND_SOC_RT5660 m
+SND_SOC_RT5663 m
+SND_SOC_RT5670 m
+SND_SOC_RT5677 m
+SND_SOC_RT5677_SPI m
+SND_SOC_RT5682 m
+SND_SOC_SIGMADSP m
+SND_SOC_SIGMADSP_REGMAP m
+SND_SOC_SIMPLE_AMPLIFIER m
+SND_SOC_SOF m
+SND_SOC_SOF_ACPI m
+SND_SOC_SOF_APOLLOLAKE m
+SND_SOC_SOF_APOLLOLAKE_SUPPORT y
+SND_SOC_SOF_BAYTRAIL m
+SND_SOC_SOF_BAYTRAIL_SUPPORT y
+SND_SOC_SOF_CANNONLAKE m
+SND_SOC_SOF_CANNONLAKE_SUPPORT y
+SND_SOC_SOF_COFFEELAKE m
+SND_SOC_SOF_COFFEELAKE_SUPPORT y
+SND_SOC_SOF_COMETLAKE_H m
+SND_SOC_SOF_COMETLAKE_H_SUPPORT y
+SND_SOC_SOF_COMETLAKE_LP m
+SND_SOC_SOF_COMETLAKE_LP_SUPPORT y
+SND_SOC_SOF_ELKHARTLAKE m
+SND_SOC_SOF_ELKHARTLAKE_SUPPORT y
+SND_SOC_SOF_GEMINILAKE m
+SND_SOC_SOF_GEMINILAKE_SUPPORT y
+SND_SOC_SOF_HDA m
+SND_SOC_SOF_HDA_AUDIO_CODEC y
+SND_SOC_SOF_HDA_COMMON m
+SND_SOC_SOF_HDA_LINK y
+SND_SOC_SOF_HDA_LINK_BASELINE m
+SND_SOC_SOF_ICELAKE m
+SND_SOC_SOF_ICELAKE_SUPPORT y
+SND_SOC_SOF_INTEL_ACPI m
+SND_SOC_SOF_INTEL_ATOM_HIFI_EP m
+SND_SOC_SOF_INTEL_COMMON m
+SND_SOC_SOF_INTEL_HIFI_EP_IPC m
+SND_SOC_SOF_INTEL_PCI m
+SND_SOC_SOF_INTEL_TOPLEVEL y
+SND_SOC_SOF_MERRIFIELD m
+SND_SOC_SOF_MERRIFIELD_SUPPORT y
+SND_SOC_SOF_OPTIONS m
+SND_SOC_SOF_PCI m
+SND_SOC_SOF_PROBE_WORK_QUEUE y
+SND_SOC_SOF_TIGERLAKE m
+SND_SOC_SOF_TIGERLAKE_SUPPORT y
+SND_SOC_SOF_TOPLEVEL y
+SND_SOC_SOF_XTENSA m
+SND_SOC_SPDIF m
+SND_SOC_SSM4567 m
+SND_SOC_TAS6424 m
+SND_SOC_TDA7419 m
+SND_SOC_TLV320AIC32X4 m
+SND_SOC_TLV320AIC32X4_I2C m
+SND_SOC_TLV320AIC32X4_SPI m
+SND_SOC_TOPOLOGY y
+SND_SOC_TS3A227E m
+SND_SOC_TSCS42XX m
+SND_SOC_WM8524 m
+SND_SPI y
+SND_SST_ATOM_HIFI2_PLATFORM m
+SND_SST_ATOM_HIFI2_PLATFORM_ACPI m
+SND_SST_ATOM_HIFI2_PLATFORM_PCI m
+SND_SST_IPC m
+SND_SST_IPC_ACPI m
+SND_SST_IPC_PCI m
+SPI_MASTER y
+ST_UVIS25_SPI m
l/gegl-0.4.22-x86_64-1.txz: Upgraded.
l/glib2-2.62.5-x86_64-1.txz: Upgraded.
l/python-requests-2.23.0-x86_64-1.txz: Upgraded.
n/NetworkManager-1.22.8-x86_64-1.txz: Upgraded.
n/openssh-8.2p1-x86_64-2.txz: Rebuilt.
n/php-7.4.3-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Phar: Files added to tar with Phar::buildFromIterator have
all-access permissions.
Phar: heap-buffer-overflow in phar_extract_file.
Session: Null Pointer Dereference in PHP Session Upload Progress.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7061https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062
(* Security fix *)
x/mesa-20.0.0-x86_64-1.txz: Upgraded.
Added Wayland platform support.
x/wayland-1.18.0-x86_64-1.txz: Added.
x/wayland-protocols-1.18-noarch-1.txz: Added.
x/xorg-server-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xephyr-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xnest-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xvfb-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xwayland-1.20.7-x86_64-2.txz: Added.
xap/gimp-2.10.16-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/openssh-8.2p1-x86_64-2_pam.txz: Rebuilt.
/etc/pam.d/sshd: add commented out pam_tally2 example.
testing/packages/PAM/shadow-4.8.1-x86_64-5_pam.txz: Rebuilt.
/etc/pam.d/system-auth: add support for pam_group, remove pam_tally2.
Thanks to ivandi.
/etc/pam.d/*: Don't use tabs.
testing/packages/PAM/util-linux-2.35.1-x86_64-4_pam.txz: Rebuilt.
/etc/pam.d/login: add commented out pam_tally2 example.
/etc/pam.d/*: Don't use tabs.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/ksh93-20200131_e4fea8c5-x86_64-1.txz: Upgraded.
ap/zsh-5.8-x86_64-1.txz: Upgraded.
l/brotli-1.0.7-x86_64-1.txz: Added.
l/gmime-3.2.6-x86_64-1.txz: Upgraded.
l/hyphen-2.8.8-x86_64-1.txz: Added.
l/openal-soft-1.20.1-x86_64-1.txz: Upgraded.
Thanks to Skaendo and Willy Sudiarto Raharjo.
l/qt5-webkit-5.212.0_alpha3-x86_64-1.txz: Added.
Thanks to alienBOB.
l/woff2-20180531_a0d0ed7-x86_64-1.txz: Added.
n/bluez-5.53-x86_64-1.txz: Upgraded.
n/mutt-1.13.4-x86_64-1.txz: Upgraded.
n/samba-4.11.6-x86_64-3.txz: Rebuilt.
n/socat-1.7.3.4-x86_64-1.txz: Added.
n/whois-5.5.6-x86_64-1.txz: Upgraded.
testing/packages/PAM/samba-4.11.6-x86_64-3_pam.txz: Rebuilt.
Added patches to fix joining a DC when using krb5. Looks like the patches are
already upstreamed in the latest 4.12.0-rc. Thanks to camerabambai.
a/libcgroup-0.41-x86_64-6.txz: Rebuilt.
ap/mariadb-10.4.12-x86_64-2.txz: Rebuilt.
d/Cython-0.29.15-x86_64-1.txz: Upgraded.
d/cmake-3.16.4-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
d/doxygen-1.8.17-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
l/ConsoleKit2-1.2.1-x86_64-3.txz: Rebuilt.
l/gnome-keyring-3.34.0-x86_64-2.txz: Rebuilt.
l/imagemagick-7.0.9_23-x86_64-1.txz: Upgraded.
l/polkit-0.116-x86_64-2.txz: Rebuilt.
l/python-future-0.18.2-x86_64-1.txz: Added.
This is needed by fetchmailconf and will probably see additional use as
projects jump off of the sinking Python 2 ship.
l/v4l-utils-1.18.0-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
n/cifs-utils-6.10-x86_64-3.txz: Rebuilt.
n/fetchmail-6.4.2-x86_64-1.txz: Upgraded.
n/pinentry-1.1.0-x86_64-3.txz: Rebuilt.
Recompiled against qt5-5.13.2.
n/samba-4.11.6-x86_64-2.txz: Rebuilt.
n/wpa_supplicant-2.9-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
xap/xpdf-4.02-x86_64-3.txz: Rebuilt.
Recompiled against qt5-5.13.2.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-3_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/cifs-utils-6.10-x86_64-3_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/gnome-keyring-3.34.0-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/libcgroup-0.41-x86_64-6_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/libpwquality-1.4.2-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/mariadb-10.4.12-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/pam-1.3.1-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security to support
multilib. Thanks to GazL.
testing/packages/PAM/polkit-0.116-x86_64-2_pam.txz: Rebuilt.
Rebuilt using --with-pam-module-dir=/lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/samba-4.11.6-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
a/kernel-generic-5.4.20-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.20-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.20-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-3.txz: Rebuilt.
a/util-linux-2.35.1-x86_64-3.txz: Rebuilt.
d/kernel-headers-5.4.20-x86-1.txz: Upgraded.
k/kernel-source-5.4.20-noarch-1.txz: Upgraded.
l/ConsoleKit2-1.2.1-x86_64-2.txz: Rebuilt.
l/dconf-editor-3.34.4-x86_64-1.txz: Upgraded.
l/libxkbcommon-0.10.0-x86_64-1.txz: Added.
l/openal-soft-1.19.1-x86_64-1.txz: Added.
l/qt5-5.13.2-x86_64-1.txz: Added.
Thanks to alienBOB.
n/openssh-8.2p1-x86_64-1.txz: Upgraded.
Potentially incompatible changes:
* ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted
CASignatureAlgorithms list.
* ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
from the default key exchange proposal for both the client and
server.
* ssh-keygen(1): the command-line options related to the generation
and screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have
changed. Most options have been folded under the -O flag.
* sshd(8): the sshd listener process title visible to ps(1) has
changed to include information about the number of connections that
are currently attempting authentication and the limits configured
by MaxStartups.
x/mesa-19.3.4-x86_64-2.txz: Rebuilt.
Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with
an illegal instruction on some hardware.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz: Rebuilt.
Rebuilt with --disable-libcgmanager to fix setting limits on PAM.
Thanks to gattocarlo.
testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz: Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz: Rebuilt.
Moved some of the /etc/pam.d/ file to the util-linux package where they
more properly belong.
testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz: Rebuilt.
Added some /etc/pam.d/ files previously in the shadow package.
Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them.
Added /etc/pam.d/{runuser,runuser-l}.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Hey folks! PAM has finally landed in /testing. Some here wanted it to go
right into the main tree immediately, and in a more normal development cycle
I'd have been inclined to agree (it is -current, after all). But it's
probably better for it to appear in /testing first, to make sure we didn't
miss any bugs and also to serve as a warning shot that we'll be shaking up
the tree pretty good over the next few weeks. I'd like to see this merged
into the main tree in a day or two, so any testing is greatly appreciated.
Switching to the PAM packages (or reverting from them) is as easy as
installing all of them with upgradepkg --install-new, and if reverting then
remove the three leftover _pam packages. After reverting, a bit of residue
will remain in /etc/pam.d/ and /etc/security/ which can either be manually
deleted or simply ignored. While there are many more features available in
PAM compared with plain shadow, out of the box about the only noticable
change is the use of cracklib and libpwquality to check the quality of a
user-supplied password. Hopefully having PAM and krb5 will get us on track
to having proper Active Directory integration as well as using code paths
that are likely better audited these days. The attack surface *might* be
bigger, but it's also a lot better scrutinized.
Thanks to Robby Workman and Vincent Batts who did most of the initial heavy
lifting on the core PAM packages as a side project for many years. Thanks
also to Phantom X whose PAM related SlackBuilds were a valuable reference.
And thanks as well to ivandi - I learned a lot from the SlackMATE build
scripts and was even occasionally thankful for the amusing ways you would
kick my ass on LQ. ;-) You're more than welcome to let us know where we've
messed up this time.
The binutils and glibc packages in /testing were removed and are off the
table for now. I'm not seeing much upside to heading down that rabbit hole
at the moment. Next we need to be looking at Xfce 4.14 and Plasma 5.18 LTS
and some other things that have been held back since KDE4 couldn't use them.
Cheers! :-)
a/kernel-generic-5.4.19-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.19-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.19-x86_64-1.txz: Upgraded.
a/lvm2-2.03.08-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-2.txz: Rebuilt.
Automatically backup /etc/login.defs and install the new version if
incompatible PAM options are detected.
d/kernel-headers-5.4.19-x86-1.txz: Upgraded.
k/kernel-source-5.4.19-noarch-1.txz: Upgraded.
VALIDATE_FS_PARSER y -> n
xap/mozilla-thunderbird-68.5.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.5.0/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6793https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6794https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6795https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6797https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6792https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/at-3.2.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/cifs-utils-6.10-x86_64-2_pam.txz: Added.
testing/packages/PAM/cracklib-2.9.7-x86_64-1_pam.txz: Added.
testing/packages/PAM/cups-2.3.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-2_pam.txz: Added.
testing/packages/PAM/dovecot-2.3.9.2-x86_64-1_pam.txz: Added.
testing/packages/PAM/gnome-keyring-3.34.0-x86_64-1_pam.txz: Added.
testing/packages/PAM/hplip-3.19.12-x86_64-2_pam.txz: Added.
testing/packages/PAM/kde-workspace-4.11.22-x86_64-6_pam.txz: Added.
testing/packages/PAM/libcap-2.31-x86_64-1_pam.txz: Added.
testing/packages/PAM/libcgroup-0.41-x86_64-5_pam.txz: Added.
testing/packages/PAM/libpwquality-1.4.2-x86_64-1_pam.txz: Added.
testing/packages/PAM/mariadb-10.4.12-x86_64-1_pam.txz: Added.
testing/packages/PAM/netatalk-3.1.12-x86_64-2_pam.txz: Added.
testing/packages/PAM/netkit-rsh-0.17-x86_64-2_pam.txz: Added.
testing/packages/PAM/openssh-8.1p1-x86_64-1_pam.txz: Added.
testing/packages/PAM/openvpn-2.4.8-x86_64-1_pam.txz: Added.
testing/packages/PAM/pam-1.3.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/polkit-0.116-x86_64-1_pam.txz: Added.
testing/packages/PAM/popa3d-1.0.3-x86_64-3_pam.txz: Added.
testing/packages/PAM/ppp-2.4.7-x86_64-3_pam.txz: Added.
testing/packages/PAM/proftpd-1.3.6b-x86_64-1_pam.txz: Added.
testing/packages/PAM/samba-4.11.6-x86_64-1_pam.txz: Added.
testing/packages/PAM/screen-4.8.0-x86_64-1_pam.txz: Added.
testing/packages/PAM/shadow-4.8.1-x86_64-2_pam.txz: Added.
testing/packages/PAM/sudo-1.8.31-x86_64-1_pam.txz: Added.
testing/packages/PAM/system-config-printer-1.5.12-x86_64-2_pam.txz: Added.
testing/packages/PAM/util-linux-2.35.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/vsftpd-3.0.3-x86_64-5_pam.txz: Added.
testing/packages/PAM/xdm-1.1.11-x86_64-9_pam.txz: Added.
testing/packages/PAM/xlockmore-5.62-x86_64-1_pam.txz: Added.
testing/packages/PAM/xscreensaver-5.43-x86_64-1_pam.txz: Added.
testing/packages/binutils-2.34-x86_64-1.txz: Removed.
testing/packages/glibc-2.31-x86_64-1.txz: Removed.
testing/packages/glibc-i18n-2.31-x86_64-1.txz: Removed.
testing/packages/glibc-profile-2.31-x86_64-1.txz: Removed.
testing/packages/glibc-solibs-2.31-x86_64-1.txz: Removed.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/util-linux-2.35.1-x86_64-1.txz: Upgraded.
a/zerofree-1.1.1-x86_64-1.txz: Added.
Also queued up for the next installer build. Thanks to bifferos.
ap/sudo-1.8.31-x86_64-1.txz: Upgraded.
This update fixes a security issue:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in some Linux distributions; however, it
is not the default for upstream or in Slackware, and would exist only if
enabled by an administrator.) The attacker needs to deliver a long string
to the stdin of getln() in tgetpass.c.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
(* Security fix *)
n/NetworkManager-1.22.6-x86_64-1.txz: Upgraded.
n/openldap-client-2.4.49-x86_64-1.txz: Upgraded.
xfce/Thunar-1.8.11-x86_64-1.txz: Removed.
xfce/thunar-1.8.12-x86_64-1.txz: Added.
Changed package name from "Thunar" to "thunar" to follow upstream's naming.
a/kernel-generic-5.4.16-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.16-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.16-x86_64-1.txz: Upgraded.
ap/linuxdoc-tools-0.9.73-x86_64-5.txz: Rebuilt.
gnome-doc-tools: Make '/usr/bin/xml2po' and its accompanying Python module
build against Python3.
Thanks to bassmadrigal and ponce on LQ for the report and the patch.
docbook2x: Removed '--disable-maintainer-mode' configuration flag because
it's no longer valid.
Thanks to Stuart Winter.
d/kernel-headers-5.4.16-x86-1.txz: Upgraded.
k/kernel-source-5.4.16-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_elflibs-15.0-x86_64-21.txz: Rebuilt.
Upgraded: libisl.so.22.0.1.
Added: libkeyutils.so.1.9.
a/kernel-generic-5.4.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.15-x86_64-1.txz: Upgraded.
a/pciutils-3.6.4-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-1.txz: Upgraded.
d/check-0.14.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.15-x86-1.txz: Upgraded.
d/make-4.2.1-x86_64-5.txz: Rebuilt.
Drop back to make-4.2.1 since make-4.3 is breaking a few builds. We'll
revisit it later after sources have caught up to it or regressions have
been patched upstream.
d/python-pip-20.0.2-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.15-noarch-1.txz: Upgraded.
l/imagemagick-7.0.9_18-x86_64-1.txz: Upgraded.
l/python-packaging-20.1-x86_64-1.txz: Upgraded.
n/php-7.4.2-x86_64-3.txz: Rebuilt.
php.ini: Added extension=gd and extension=zip. Thanks to avian.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt.
Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
libkrb5support.so.0.1.
a/util-linux-2.35-x86_64-1.txz: Upgraded.
d/python-pip-20.0.1-x86_64-1.txz: Upgraded.
l/Mako-1.1.1-x86_64-1.txz: Upgraded.
l/keyutils-1.6.1-x86_64-1.txz: Upgraded.
n/krb5-1.17-x86_64-1.txz: Added.
Nothing links to this yet, but we'll need it soon enough. :-)
n/php-7.4.2-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Standard: OOB read in php_strip_tags_ex
Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
(* Security fix *)
n/samba-4.11.5-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Replication of ACLs set to inherit down a subtree on AD Directory
not automatic.
Crash after failed character conversion at log level 3 or above.
Use after free during DNS zone scavenging in Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
(* Security fix *)
xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
a/elvis-2.2_0-x86_64-5.txz: Rebuilt.
Don't make /usr/bin/{ex,vi} symlinks.
a/kernel-generic-5.4.11-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.11-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.11-x86_64-1.txz: Upgraded.
a/nvi-1.81.6-x86_64-1.txz: Added.
This is an implementation of the classic ex/vi text editor written by Keith
Bostic. Due to this having UTF8 support which elvis lacks, we'll have it
take over the ex/vi symlinks if they aren't already pointing to a different
choice. Note that the removal of vi/ex symlinks from the elvis and vim
packages might cause your ex/vi symlinks to point to this after all the ex/vi
packages have been upgraded. You can set them to your preferences using
pkgtool -> Setup -> vi-ex.
a/pkgtools-15.0-noarch-29.txz: Rebuilt.
Added an installer/pkgtool menu to select the default ex/vi editor.
ap/vim-8.2.0114-x86_64-1.txz: Upgraded.
Don't make /usr/bin/{ex,vi} symlinks.
d/kernel-headers-5.4.11-x86-1.txz: Upgraded.
d/python-setuptools-45.0.0-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.11-noarch-1.txz: Upgraded.
l/imagemagick-7.0.9_15-x86_64-1.txz: Upgraded.
n/ethtool-5.4-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.0114-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/ccache-3.7.7-x86_64-1.txz: Upgraded.
l/libpsl-0.21.0-x86_64-2.txz: Rebuilt.
Patched for new gtk-doc. Thanks to Matteo Bernardini.
l/pyparsing-2.4.6-x86_64-1.txz: Upgraded.
l/python-packaging-20.0-x86_64-1.txz: Upgraded.
l/python-pygments-2.5.2-x86_64-1.txz: Added.
This is needed by gtk-doc.
n/iputils-20190709-x86_64-2.txz: Rebuilt.
Patched for new libcap. Thanks to Matteo Bernardini.
x/fonttosfnt-1.1.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.4.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.4.0/releasenotes/https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
(* Security fix *)
a/kernel-generic-5.4.6-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.6-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.6-x86_64-1.txz: Upgraded.
a/procps-ng-3.3.16-x86_64-2.txz: Rebuilt.
Patched to hardcode the pgrep command string buffer size to 4096 as was done
in the previous release. This avoids an allocation error when the stack size
is unlimited. Thanks to Jeroslaw Siebert.
a/xfsprogs-5.4.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.6-x86-1.txz: Upgraded.
k/kernel-source-5.4.6-noarch-1.txz: Upgraded.
l/QScintilla-2.11.4-x86_64-1.txz: Upgraded.
n/dhcpcd-8.1.4-x86_64-1.txz: Upgraded.
n/lftp-4.9.0-x86_64-1.txz: Upgraded.
xap/hexchat-2.14.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/mariadb-10.4.11-x86_64-1.txz: Upgraded.
d/cmake-3.16.1-x86_64-1.txz: Upgraded.
d/git-2.24.1-x86_64-1.txz: Upgraded.
l/mozjs52-52.9.0esr-x86_64-2.txz: Removed.
This was used only by polkit-0.115.
l/mozjs60-60.9.0esr-x86_64-1.txz: Added.
This is needed for polkit-0.116.
l/polkit-0.116-x86_64-1.txz: Upgraded.
n/ModemManager-1.12.2-x86_64-1.txz: Upgraded.
xap/xine-ui-0.99.12-x86_64-1.txz: Upgraded.
n/bind-9.14.8-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Set a limit on the number of concurrently served pipelined TCP queries.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477
(* Security fix *)
x/mesa-19.2.5-x86_64-1.txz: Upgraded.
ap/qpdf-9.1.0-x86_64-1.txz: Upgraded.
d/check-0.13.0-x86_64-1.txz: Added.
This is needed to build PulseAudio using Meson.
l/alsa-lib-1.2.1-x86_64-2.txz: Rebuilt.
Merge alsa-topology-conf-1.2.1 and alsa-ucm-conf-1.2.1 into the package.
l/pulseaudio-13.0-x86_64-2.txz: Rebuilt.
Rebuilt with meson. This causes esound support to be dropped, but it's
likely that nobody will care.
l/pyparsing-2.4.5-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/alsa-lib-1.2.1-x86_64-2_alsa.txz: Rebuilt.
Merge alsa-topology-conf-1.2.1 and alsa-ucm-conf-1.2.1 into the package.
a/aaa_elflibs-15.0-x86_64-14.txz: Rebuilt.
Upgraded: libglib-2.0.so.0.6200.2, libgmodule-2.0.so.0.6200.2,
libgobject-2.0.so.0.6200.2, libgthread-2.0.so.0.6200.2.
Added: libgomp.so.1.0.0.
a/kernel-firmware-20191029_4065643-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.81-x86_64-1.txz: Upgraded.
ap/sudo-1.8.29-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.81-x86-1.txz: Upgraded.
d/python-setuptools-41.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.81-noarch-1.txz: Upgraded.
l/harfbuzz-2.6.3-x86_64-1.txz: Upgraded.
n/samba-4.11.2-x86_64-1.txz: Upgraded.
This update fixes bugs and these security issues:
Client code can return filenames containing path separators.
Samba AD DC check password script does not receive the full password.
User with "get changes" permission can crash AD DC LDAP server via dirsync.
For more information, see:
https://www.samba.org/samba/security/CVE-2019-10218.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218https://www.samba.org/samba/security/CVE-2019-14833.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833https://www.samba.org/samba/security/CVE-2019-14847.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847
(* Security fix *)
x/libglvnd-1.2.0-x86_64-4.txz: Rebuilt.
Applied upstream patches to fix EGL/eglplatform.h.
x/xorg-server-1.20.5-x86_64-3.txz: Rebuilt.
#define EGL_NO_X11 to fix glamor build against libglvnd-1.2.0.
x/xorg-server-xephyr-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-1.20.5-x86_64-3.txz: Rebuilt.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/imagemagick-6.9.10_70-x86_64-1.txz: Upgraded.
x/libinput-1.14.3-x86_64-1.txz: Upgraded.
x/mkfontdir-1.0.7-noarch-2.txz: Removed.
The mkfontdir wrapper script and man page are provided by recent versions
of the mkfontscale package, making the mkfontdir package redundant.
Thanks to DarkVision.
x/mkfontscale-1.2.1-x86_64-2.txz: Rebuilt.
Moved the mkfontdir install script to this package since it includes the
mkfontdir wrapper script now.
xap/gimp-2.10.14-x86_64-1.txz: Upgraded.
a/getty-ps-2.1.0b-x86_64-4.txz: Removed.
a/lha-114i-x86_64-2.txz: Removed.
Removed due to vague licensing terms.
a/lhasa-0.3.1-x86_64-1.txz: Added.
This is an extraction-only LHA utility with an OSI approved license.
a/shadow-4.7-x86_64-2.txz: Rebuilt.
Added /etc/environment.new to fix "sudo -i" noise.
ap/lm_sensors-3.6.0-x86_64-1.txz: Upgraded.
ap/vim-8.1.2174-x86_64-1.txz: Upgraded.
l/netpbm-10.88.00-x86_64-1.txz: Upgraded.
n/ca-certificates-20191018-noarch-1.txz: Upgraded.
n/samba-4.11.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.2174-x86_64-1.txz: Upgraded.
xap/xfractint-20.04p13-x86_64-2.txz: Removed.
xap/xv-3.10a-x86_64-9.txz: Removed.
extra/getty-ps/getty-ps-2.1.0b-x86_64-4.txz: Rebuilt.
Moved here from the A series due to commercial use restrictions.
extra/xfractint/xfractint-20.04p14-x86_64-1.txz: Upgraded.
Moved here from the XAP series due to commercial use restrictions.
extra/xv/xv-3.10a-x86_64-9.txz: Rebuilt.
Moved here from the XAP series due to non-commercial use shareware license.