ap/sudo-1.9.13p2-x86_64-1.txz: Upgraded.
d/make-4.4.1-x86_64-1.txz: Upgraded.
d/strace-6.2-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.1-x86_64-2.txz: Rebuilt.
[PATCH] fix awk scripts to work properly when used against sqlite 3.41.0.
Thanks to lucabon.
d/perl-5.36.0-x86_64-3.txz: Rebuilt.
Upgraded: IO-Socket-SSL-2.081, Moo-2.005005, Path-Tiny-0.144,
Sub-Quote-2.006008, Template-Toolkit-3.101, URI-5.17.
Added: JSON-4.10 (needed to build Samba with --bundled-libraries=heimdal).
kde/kstars-3.6.3-x86_64-1.txz: Upgraded.
l/gjs-1.74.1-x86_64-1.txz: Upgraded.
Compiled against mozjs102-102.7.0esr.
l/mozjs102-102.7.0esr-x86_64-1.txz: Added.
This is required by gjs-1.74.1 and polkit-122.
l/mozjs78-78.15.0esr-x86_64-1.txz: Removed.
l/polkit-122-x86_64-1.txz: Upgraded.
Compiled against mozjs102-102.7.0esr.
ap/cups-filters-1.28.17-x86_64-1.txz: Upgraded.
ap/vim-9.0.1241-x86_64-1.txz: Upgraded.
Fixed a security issue:
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0433
(* Security fix *)
d/guile-3.0.9-x86_64-1.txz: Upgraded.
d/poke-3.0-x86_64-1.txz: Upgraded.
l/nodejs-19.5.0-x86_64-1.txz: Upgraded.
n/bind-9.18.11-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
An UPDATE message flood could cause :iscman:`named` to exhaust all
available memory. This flaw was addressed by adding a new
:any:`update-quota` option that controls the maximum number of
outstanding DNS UPDATE messages that :iscman:`named` can hold in a
queue at any given time (default: 100).
:iscman:`named` could crash with an assertion failure when an RRSIG
query was received and :any:`stale-answer-client-timeout` was set to a
non-zero value. This has been fixed.
:iscman:`named` running as a resolver with the
:any:`stale-answer-client-timeout` option set to any value greater
than ``0`` could crash with an assertion failure, when the
:any:`recursive-clients` soft quota was reached. This has been fixed.
For more information, see:
https://kb.isc.org/docs/cve-2022-3094https://kb.isc.org/docs/cve-2022-3736https://kb.isc.org/docs/cve-2022-3924https://www.cve.org/CVERecord?id=CVE-2022-3094https://www.cve.org/CVERecord?id=CVE-2022-3736https://www.cve.org/CVERecord?id=CVE-2022-3924
(* Security fix *)
n/openvpn-2.6.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1241-x86_64-1.txz: Upgraded.
Hey folks, Merry Christmas and Hanukkah Sameach! Figured it was about time to
get some kind of kernel activity going again, but it most definitely belongs
in /testing for now. I've been trying to shape this up for weeks, but there
are still issues, and maybe someone out there can help. The biggest problem
is that the 32-bit kernels crash on boot. Initially there's some sort of
Intel ME failure (this is on a Thinkpad X1E). If those modules are
blacklisted, then the kernel will go on to crash loading the snd_hda_intel
module. The other issue is that I've got a 4K panel in this machine, and
have always appended the kernel option video=1920x1080@60 to put the console
in HD instead, and then loaded a Terminus console font to make the text even
larger. With these kernels, that option is completely ignored. I've tried some
other syntax I've seen online to no avail. And when the Terminus font is
loaded the text gets *even smaller* for some reason.
So be careful of these kernels (especially the 32-bit ones), but I welcome
any hints about what's going on here or if there are config changes that
might get this working properly. Is anyone out there running a 6.x kernel on
bare metal 32-bit x86?
Cheers!
ap/vim-9.0.1091-x86_64-1.txz: Upgraded.
d/meson-1.0.0-x86_64-1.txz: Upgraded.
d/ruby-3.2.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/subversion-1.14.2-x86_64-3.txz: Rebuilt.
Recompiled against ruby-3.2.0.
l/glib2-2.74.4-x86_64-1.txz: Upgraded.
l/netpbm-11.00.03-x86_64-1.txz: Upgraded.
l/rubygem-asciidoctor-2.0.18-x86_64-1.txz: Upgraded.
Compiled against ruby-3.2.0.
n/epic5-2.1.12-x86_64-2.txz: Rebuilt.
Recompiled against ruby-3.2.0.
x/marisa-0.2.6-x86_64-6.txz: Rebuilt.
Recompiled against ruby-3.2.0.
xap/vim-gvim-9.0.1091-x86_64-1.txz: Upgraded.
testing/packages/linux-6.1.x/kernel-generic-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-headers-6.1.1-x86-1.txz: Added.
testing/packages/linux-6.1.x/kernel-huge-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-modules-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-source-6.1.1-noarch-1.txz: Added.
a/sysvinit-scripts-15.1-noarch-3.txz: Rebuilt.
rc.6: support an optional rc.firewall_shutdown script. Most firewall scripts
don't need a formal shutdown, but in some cases it can be useful. If your
rc.firewall script supports a stop parameter, the shutdown script should just
contain "/etc/rc.d/rc.firewall stop", or rc.firewall_shutdown could also be
a symlink to the rc.firewall script in that case. But how the script works
is (like the rc.firewall script support) completely up to the admin.
Thanks to metaed for the suggestion.
Please note that contrary to the request, I placed this *after* the network
is shut down to avoid removing firewall protection while the interfaces are
still active. Whether it'll work in this place for metaed's (or anyone
else's) needs, I'm not sure. It's a start. Feel free to weigh in on the LQ
thread if you have any ideas for improvement, but the goal here is to keep
this support as simple and flexible as possible.
d/nasm-2.16-x86_64-1.txz: Upgraded.
d/parallel-20221222-noarch-1.txz: Upgraded.
n/bind-9.18.10-x86_64-1.txz: Upgraded.
n/curl-7.87.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.6.1-x86_64-1.txz: Upgraded.
This release contains a security fix and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/https://www.cve.org/CVERecord?id=CVE-2022-46874
(* Security fix *)
xfce/xfce4-screenshooter-1.10.0-x86_64-1.txz: Upgraded.
d/p2c-2.02-x86_64-1.txz: Upgraded.
kde/dolphin-22.12.0-x86_64-2.txz: Rebuilt.
[PATCH] Revert "portalize drag urls"
Thanks to marav.
l/gst-plugins-bad-free-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.20.5-x86_64-1.txz: Upgraded.
l/gstreamer-1.20.5-x86_64-1.txz: Upgraded.
l/libqalculate-4.5.0-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-1.txz: Upgraded.
l/sdl-1.2.15-x86_64-14.txz: Rebuilt.
This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
By crafting a malicious .BMP file, an attacker can cause the application
using this library to crash, denial of service, or code execution.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33657
(* Security fix *)
n/gnupg2-2.2.41-x86_64-1.txz: Upgraded.
n/libksba-1.6.3-x86_64-1.txz: Upgraded.
Fix another integer overflow in the CRL's signature parser.
(* Security fix *)
x/libSM-1.2.4-x86_64-1.txz: Upgraded.
x/xcb-util-0.4.1-x86_64-1.txz: Upgraded.
x/xdriinfo-1.0.7-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.7-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
d/cbindgen-0.24.3-x86_64-1.txz: Added.
d/python3-3.9.16-x86_64-1.txz: Upgraded.
This update fixes security issues:
gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680
(heap use-after-free).
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio
related name resolution functions no longer involves a quadratic algorithm
to fix CVE-2022-45061. This prevents a potential CPU denial of service if an
out-of-spec excessive length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name.
gh-100001: python -m http.server no longer allows terminal control characters
sent within a garbage request to be printed to the stderr server log.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the
gc module.
gh-97514: On Linux the multiprocessing module returns to using filesystem
backed unix domain sockets for communication with the forkserver process
instead of the Linux abstract socket namespace. Only code that chooses to use
the "forkserver" start method is affected. This prevents Linux CVE-2022-42919
(potential privilege escalation) as abstract sockets have no permissions and
could allow any user on the system in the same network namespace (often the
whole system) to inject code into the multiprocessing forkserver process.
Filesystem based socket permissions restrict this to the forkserver process
user as was the default in Python 3.8 and earlier.
gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix
CVE-2022-37454.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text
(filenames, MIME types, parameters) into shell commands to address
CVE-2015-20107. Instead of using such text, it will warn and act as if a
match was not found (or for test commands, as if the test failed).
For more information, see:
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-43680https://www.cve.org/CVERecord?id=CVE-2022-45061https://www.cve.org/CVERecord?id=CVE-2022-42919https://www.cve.org/CVERecord?id=CVE-2022-37454https://www.cve.org/CVERecord?id=CVE-2015-20107
(* Security fix *)
d/rust-bindgen-0.63.0-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/pcre2-10.41-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8-x86_64-1.txz: Upgraded.
x/mesa-22.3.0-x86_64-1.txz: Upgraded.
Compiled with Rusticl support. Thanks to Heinz Wiesinger.
x/xdm-1.1.14-x86_64-1.txz: Upgraded.
a/gptfdisk-1.0.9-x86_64-2.txz: Rebuilt.
Applied upstream patches to fix a crash and partition corruption caused by
the popt upgrade:
[PATCH] Updated guid.cc to deal with minor change in libuuid
[PATCH] Fix failure & crash of sgdisk when compiled with latest popt
[PATCH] Fix NULL dereference when duplicating string argument
Thanks to jloco.
d/cmake-3.25.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-24.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/cantor-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kfilemetadata-5.100.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kile-2.9.93-x86_64-22.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kitinerary-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/krita-5.1.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/okular-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
l/glib2-2.74.3-x86_64-1.txz: Upgraded.
l/poppler-22.12.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.40.6-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-1.txz: Upgraded.
xap/libnma-1.10.4-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.30.0-x86_64-1.txz: Upgraded.
a/bash-5.2.012-x86_64-1.txz: Upgraded.
a/less-612-x86_64-1.txz: Upgraded.
a/tcsh-6.24.02-x86_64-1.txz: Upgraded.
ap/vim-9.0.0942-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-2.txz: Rebuilt.
[SV 63307] Spawn children with the default disposition of sigpipe.
Thanks to nobodino.
d/ruby-3.1.3-x86_64-1.txz: Upgraded.
This release includes a security fix:
HTTP response splitting in CGI.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33621
(* Security fix *)
l/pipewire-0.3.61-x86_64-1.txz: Upgraded.
n/ipset-7.16-x86_64-1.txz: Upgraded.
x/fcitx5-5.0.21-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0942-x86_64-1.txz: Upgraded.
a/ntfs-3g-2022.10.3-x86_64-1.txz: Upgraded.
ap/mpg123-1.31.0-x86_64-1.txz: Upgraded.
ap/vim-9.0.0814-x86_64-1.txz: Upgraded.
A vulnerability was found in vim and classified as problematic. Affected by
this issue is the function qf_update_buffer of the file quickfix.c of the
component autocmd Handler. The manipulation leads to use after free. The
attack may be launched remotely. Upgrading to version 9.0.0805 is able to
address this issue.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-3705
(* Security fix *)
d/ccache-4.7.2-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-1.txz: Upgraded.
d/patchelf-0.16.1-x86_64-1.txz: Upgraded.
d/strace-6.0-x86_64-1.txz: Upgraded.
kde/kwin-5.26.2.1-x86_64-2.txz: Rebuilt.
[PATCH] x11window: revert more from 3a28c02f.
Thanks to Heinz Wiesinger.
[PATCH] x11: Don't force QT_NO_GLIB=1.
[PATCH] x11: Don't force QT_QPA_PLATFORM=xcb.
Thanks to marav.
l/libedit-20221030_3.1-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-5.0.0-x86_64-1.txz: Upgraded.
l/taglib-1.13-x86_64-1.txz: Upgraded.
l/utf8proc-2.8.0-x86_64-1.txz: Upgraded.
n/openvpn-2.5.8-x86_64-1.txz: Upgraded.
n/socat-1.7.4.4-x86_64-1.txz: Upgraded.
x/libXext-1.3.5-x86_64-1.txz: Upgraded.
x/libXinerama-1.1.5-x86_64-1.txz: Upgraded.
x/makedepend-1.0.7-x86_64-1.txz: Upgraded.
x/rgb-1.1.0-x86_64-1.txz: Upgraded.
x/sessreg-1.1.3-x86_64-1.txz: Upgraded.
x/x11perf-1.6.2-x86_64-1.txz: Upgraded.
x/xsetroot-1.1.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0.3/releasenotes/
xap/mozilla-thunderbird-102.4.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
xap/vim-gvim-9.0.0814-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.25-x86_64-1.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
extra/php81/php81-8.1.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
a/kernel-generic-5.19.3-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.3-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.3-x86_64-1.txz: Upgraded.
d/gcc-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-g++-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-gdc-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-gfortran-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-gnat-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-go-12.2.0-x86_64-1.txz: Upgraded.
d/gcc-objc-12.2.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.3-x86-1.txz: Upgraded.
d/libtool-2.4.7-x86_64-3.txz: Rebuilt.
Recompiled to update embedded GCC version number.
d/python-setuptools-65.1.1-x86_64-1.txz: Upgraded.
Make libdir = platlib to agree with the paths in python3.
k/kernel-source-5.19.3-noarch-1.txz: Upgraded.
xfce/xfce4-panel-4.16.5-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.16.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
/etc/rc.d/rc.S: Added support for setting the Installer's root password
from a kernel cmdline key value pair: instrootpw=yourpassword
This is intended for network installations where otherwise the root password
would be unset. Note: this does not configure the OS root password.
Thanks to Stuart Winter.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
/etc/rc.d/rc.S: Added support for setting the Installer's root password
from a kernel cmdline key value pair: instrootpw=yourpassword
This is intended for network installations where otherwise the root password
would be unset. Note: this does not configure the OS root password.
Thanks to Stuart Winter.
a/kernel-firmware-20220810_ad5ae82-noarch-1.txz: Upgraded.
d/binutils-2.39-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-10.txz: Rebuilt.
Recompiled against binutils-2.39.
l/gdk-pixbuf2-2.42.9-x86_64-1.txz: Upgraded.
l/nodejs-18.7.0-x86_64-1.txz: Upgraded.
Might as well go with the latest version of this since everyone else does.
Fixed a sed substitution to get the correct lib${LIBDIRSUFFIX} in npm.js.
Thanks to conraid and zerouno.
n/gpgme-1.18.0-x86_64-1.txz: Upgraded.
n/libnftnl-1.2.3-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.2-x86_64-1.txz: Upgraded.
n/nftables-1.0.5-x86_64-1.txz: Upgraded.
a/dcron-4.5-x86_64-12.txz: Rebuilt.
Rebase the run-parts script on the latest version from Fedora's crontabs
package. Thanks to avian.
a/elilo-3.16-x86_64-13.txz: Rebuilt.
Patched to disable the Confidential Computing blob for SEV-SNP, which
fixes booting a 5.19 kernel with the EFI stub enabled. If you use elilo,
be sure to either run eliloconfig again or manually copy (and rename) the
proper elilo binary to your EFI System Partition.
Thanks to PiterPunk.
a/sysklogd-2.4.2-x86_64-1.txz: Upgraded.
ap/most-5.2.0-x86_64-1.txz: Upgraded.
d/cmake-3.24.0-x86_64-1.txz: Upgraded.
x/ibus-table-1.16.10-x86_64-1.txz: Upgraded.
extra/brltty/brltty-6.5-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.22-x86_64-1.txz: Upgraded.
a/cryptsetup-2.5.0-x86_64-2.txz: Rebuilt.
Use file descriptor 3 in rc.luks's main loop so that sdtin works properly for
cryptsetup and/or a keyscript. PiterPunk gave it to me like this and then I
proceeded to break it. Sorry about that.
d/perl-5.36.0-x86_64-2.txz: Rebuilt.
Upgraded to URI-5.12.
Added a symlink to libperl.so in /usr/${LIBDIRSUFFIX} since net-snmp (and
possibly other programs) might have trouble linking with it since it's not
in the LD_LIBRARY_PATH. Thanks to oneforall.
d/poke-2.4-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_44-x86_64-1.txz: Upgraded.
n/bluez-5.65-x86_64-1.txz: Upgraded.
n/proftpd-1.3.7e-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-103.0-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/103.0/releasenotes/
(* Security fix *)
a/aaa_libraries-15.1-x86_64-6.txz: Rebuilt.
Upgraded: libcap.so.2.65, libglib-2.0.so.0.7200.3, libgmodule-2.0.so.0.7200.3,
libgobject-2.0.so.0.7200.3, libgthread-2.0.so.0.7200.3, libidn2.so.0.3.8.
Removed: libboost_*.so.1.78.0.
a/kernel-firmware-20220719_4421586-noarch-1.txz: Upgraded.
d/python-setuptools-63.2.0-x86_64-1.txz: Upgraded.
d/rust-1.62.1-x86_64-1.txz: Upgraded.
kde/kio-5.96.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
l/libcap-2.65-x86_64-1.txz: Upgraded.
l/netpbm-10.99.01-x86_64-1.txz: Upgraded.
l/pipewire-0.3.56-x86_64-1.txz: Upgraded.
l/qt5-5.15.5_20220705_ea4efc06-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/alpine-2.26-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/bind-9.18.5-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/curl-7.84.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/fetchmail-6.4.31-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/krb5-1.19.3-x86_64-2.txz: Rebuilt.
Since Samba still won't link against krb5-1.20, I think it's best to drop
back to this version until it does. Perhaps it would be better to just use
the internal Heimdal libraries instead, but I don't really know if that has
all the same functionality or not. Hints welcome if you'd like to drop them
in the "regression on -current with samba (new krb5)" thread.
Also, just to be 100% sure the krb5 revert doesn't cause any ABI issues,
we'll recompile everything that we've linked to krb5 while krb5-1.20 was
in -current.
Thanks to nobodino.
n/php-7.4.30-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/samba-4.16.3-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
xap/gnuplot-5.4.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.0.3/releasenotes/
extra/php80/php80-8.0.21-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
extra/php81/php81-8.1.8-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
a/hwdata-0.361-noarch-1.txz: Upgraded.
a/kernel-firmware-20220705_f5f02da-noarch-1.txz: Upgraded.
a/kmod-30-x86_64-1.txz: Upgraded.
a/mcelog-184-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1q-x86_64-1.txz: Upgraded.
ap/vim-9.0.0041-x86_64-1.txz: Upgraded.
d/llvm-14.0.6-x86_64-2.txz: Rebuilt.
Shared library .so-version bump.
We gave the DYLIB options a try and the resulting compilers are unable to
compile Firefox or Thunderbird, so we're back to using BUILD_SHARED_LIBS
(which works fine). I'm in no real hurry to revisit this, but I'll look at
any hints you might have for me if you post them on LQ.
d/meson-0.63.0-x86_64-1.txz: Upgraded.
d/rust-1.62.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_40-x86_64-1.txz: Upgraded.
l/isl-0.25-x86_64-1.txz: Upgraded.
l/libdmtx-0.7.7-x86_64-1.txz: Upgraded.
l/libgphoto2-2.5.30-x86_64-1.txz: Upgraded.
l/libmtp-1.1.20-x86_64-1.txz: Upgraded.
l/libvpx-1.12.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.53-x86_64-1.txz: Upgraded.
l/poppler-22.07.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-14.0.0-x86_64-2.txz: Rebuilt.
Recompiled against llvm-14.0.6-2.
n/openssl-1.1.1q-x86_64-1.txz: Upgraded.
This update fixes security issues:
Heap memory corruption with RSA private key operation.
AES OCB fails to encrypt some bytes.
For more information, see:
https://www.openssl.org/news/secadv/20220705.txthttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
(* Security fix *)
n/wget2-2.0.1-x86_64-1.txz: Upgraded.
x/libva-2.15.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.15.0-x86_64-1.txz: Upgraded.
x/mesa-21.3.8-x86_64-3.txz: Rebuilt.
Recompiled against llvm-14.0.6-2.
xap/mozilla-firefox-102.0.1-x86_64-1.txz: Upgraded.
This update contains security fixes (possibly) and improvements.
At this time, the link below only says "We're still preparing the notes for
this release, and will post them here when they are ready. Please check back
later."
For more information, see:
https://www.mozilla.org/en-US/firefox/102.0.1/releasenotes/
(* Security fix *)
xap/vim-gvim-9.0.0041-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.60.0-x86_64-1.txz: Upgraded.
a/btrfs-progs-5.17-x86_64-1.txz: Upgraded.
l/libgsf-1.14.49-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.78-x86_64-1.txz: Upgraded.
l/oniguruma-6.9.8-x86_64-1.txz: Upgraded.
l/python-alabaster-0.7.12-x86_64-1.txz: Added.
l/python-babel-2.10.1-x86_64-1.txz: Added.
l/python-imagesize-1.3.0-x86_64-1.txz: Added.
l/python-importlib_metadata-4.11.3-x86_64-1.txz: Added.
l/python-pytz-2022.1-x86_64-1.txz: Added.
l/python-snowballstemmer-2.2.0-x86_64-1.txz: Added.
l/python-sphinx-4.5.0-x86_64-1.txz: Added.
l/python-zipp-3.8.0-x86_64-1.txz: Added.
n/ModemManager-1.18.8-x86_64-1.txz: Upgraded.
x/libX11-1.8-x86_64-1.txz: Upgraded.
xap/pidgin-2.14.9-x86_64-1.txz: Upgraded.
Mitigate the potential for a man in the middle attack via DNS spoofing by
removing the code that supported the _xmppconnect DNS TXT record.
For more information, see:
https://www.pidgin.im/about/security/advisories/cve-2022-26491/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491
(* Security fix *)
a/kernel-firmware-20220411_f219d61-noarch-1.txz: Upgraded.
ap/cups-filters-1.28.15-x86_64-1.txz: Upgraded.
d/subversion-1.14.2-x86_64-1.txz: Upgraded.
n/whois-5.5.13-x86_64-1.txz: Upgraded.
xap/geeqie-1.7.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-99.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/99.0.1/releasenotes/
a/dbus-1.12.22-x86_64-1.txz: Upgraded.
a/kernel-firmware-20220228_ee0667a-noarch-1.txz: Upgraded.
ap/sysstat-12.5.6-x86_64-1.txz: Upgraded.
d/ccache-4.6-x86_64-1.txz: Upgraded.
d/rcs-5.10.1-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-2.1.3-x86_64-1.txz: Upgraded.
l/libxml2-2.9.13-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
(* Security fix *)
l/libxslt-1.1.35-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
(* Security fix *)
n/wget-1.21.3-x86_64-1.txz: Upgraded.
x/xterm-371-x86_64-1.txz: Upgraded.
xap/xscreensaver-6.03-x86_64-1.txz: Upgraded.
ap/inxi-3.3.13_1-noarch-1.txz: Upgraded.
d/parallel-20220222-noarch-1.txz: Upgraded.
d/patchelf-0.14.5-x86_64-1.txz: Upgraded.
d/rust-1.59.0-x86_64-1.txz: Upgraded.
n/cyrus-sasl-2.1.28-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
(* Security fix *)
n/nftables-1.0.2-x86_64-1.txz: Upgraded.
n/nghttp2-1.47.0-x86_64-1.txz: Upgraded.
n/openssh-8.9p1-x86_64-1.txz: Upgraded.
n/whois-5.5.12-x86_64-1.txz: Upgraded.
x/mesa-21.3.7-x86_64-1.txz: Upgraded.
x/xf86-video-amdgpu-22.0.0-x86_64-1.txz: Upgraded.
xap/freerdp-2.6.0-x86_64-1.txz: Upgraded.
xap/gftp-2.9.1b-x86_64-1.txz: Upgraded.
extra/xv/xv-3.10a-x86_64-10.txz: Rebuilt.
Drop JasPer support until xv can be ported to the new JasPer library (or
preferably to openjpeg).
