a/elilo-3.16-x86_64-17.txz: Rebuilt.
eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg.
ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded.
Removed support for legacy CUPS browsing and for LDAP
Legacy CUPS browsing is not needed any more and, our implementation
accepting any UDP packet on port 631, causes vulnerabilities, and
our LDAP support is does not comly with RFC 7612 and is therefore
limited. Fixes CVE-2024-47176 and CVE-2024-47850
Default `BrowseRemoteProtocols` should not include `cups` protocol
Works around CVE-2024-47176, the fix is the complete removal of
legacy CUPS Browsing functionality.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176https://www.cve.org/CVERecord?id=CVE-2024-47850
(* Security fix *)
l/dav1d-1.5.0-x86_64-1.txz: Upgraded.
l/gvfs-1.56.1-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded.
`cfGetPrinterAttributes5()`: Validate response attributes before return
The IPP print destination which we are querying can be corrupted or
forged, so validate the response to strenghten security. Fixes
CVE-2024-47076.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47076
(* Security fix *)
l/libppd-2.1.0-x86_64-1.txz: Upgraded.
Prevent PPD generation based on invalid IPP response
Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator,
refactor make-and-model code, PPDize preset and template names,
quote PPD localized strings. Fixes CVE-2024-47175.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47175
(* Security fix *)
l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded.
l/python-psutil-6.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
a/kernel-generic-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.24-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.24-x86-1.txz: Upgraded.
d/python3-3.11.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.24-noarch-1.txz: Upgraded.
-AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT n
-GCC11_NO_ARRAY_BOUNDS y
NUMA_BALANCING n -> y
+GCC10_NO_ARRAY_BOUNDS y
+NUMA_BALANCING_DEFAULT_ENABLED y
kde/libindi-2.0.7-x86_64-1.txz: Upgraded.
l/SDL2-2.30.2-x86_64-1.txz: Upgraded.
l/aom-3.8.2-x86_64-1.txz: Added.
Needed to add AV1 encode/decode support to ffmpeg.
Thanks to Andrew Strong.
l/dav1d-1.4.1-x86_64-1.txz: Added.
Needed to add AV1 decode support to ffmpeg.
l/ffmpeg-6.1.1-x86_64-2.txz: Rebuilt.
Patched to build with nv-codec-headers-12.2.72.0. Thanks to J_W.
Compiled against aom-3.8.2 and dav1d-1.4.1 for AV1 support.
Thanks to glennmcc.
l/gtk4-4.14.2-x86_64-1.txz: Upgraded.
n/whois-5.5.22-x86_64-1.txz: Upgraded.
Fixed a segmentation fault with --no-recursion.
Updated the .bm and .vi TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/MPlayer-20240403-x86_64-1.txz: Upgraded.
Compiled using --enable-libaom-lavc and --enable-libdav1d-lavc.
Thanks to glennmcc.
xap/pan-0.157-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.