Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-12.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz: Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz: Upgraded.
d/llvm-18.1.8-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded.
d/ruby-3.3.5-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz: Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz: Upgraded.
l/cryfs-0.10.3-x86_64-13.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz: Upgraded.
l/librsvg-2.58.5-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded.
l/netpbm-11.08.00-x86_64-1.txz: Upgraded.
l/opencv-4.10.0-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz: Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
n/openobex-1.7.2-x86_64-6.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
x/marisa-0.2.6-x86_64-11.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2024-47https://www.cve.org/CVERecord?id=CVE-2024-9392https://www.cve.org/CVERecord?id=CVE-2024-9393https://www.cve.org/CVERecord?id=CVE-2024-9394https://www.cve.org/CVERecord?id=CVE-2024-8900https://www.cve.org/CVERecord?id=CVE-2024-9396https://www.cve.org/CVERecord?id=CVE-2024-9397https://www.cve.org/CVERecord?id=CVE-2024-9398https://www.cve.org/CVERecord?id=CVE-2024-9399https://www.cve.org/CVERecord?id=CVE-2024-9400https://www.cve.org/CVERecord?id=CVE-2024-9401https://www.cve.org/CVERecord?id=CVE-2024-9402
(* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/ispell-3.4.06-x86_64-3.txz: Rebuilt.
Get rid of hardcoded temporary path in munchlist.
l/boost-1.86.0-x86_64-2.txz: Rebuilt.
Get rid of hardcoded temporary paths in the cmake files.
Since these paths point to a location that an unprivileged user could
create and populate with files that could be picked up during a build,
it's possible this bug could be used for malicious purposes.
Thanks to jmacloue.
(* Security fix *)
l/fribidi-1.0.16-x86_64-1.txz: Upgraded.
n/php-8.3.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter
Injection Vulnerability).
CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
bypassable due to the environment variable collision).
FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form
data).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-8926https://www.cve.org/CVERecord?id=CVE-2024-8927https://www.cve.org/CVERecord?id=CVE-2024-9026https://www.cve.org/CVERecord?id=CVE-2024-8925
(* Security fix *)
x/vulkan-sdk-1.3.290.0-x86_64-2.txz: Rebuilt.
Get rid of hardcoded temporary path in volkTargets.cmake.
(* Security fix *)
d/parallel-20240922-noarch-1.txz: Upgraded.
l/libarchive-3.7.6-x86_64-1.txz: Upgraded.
This release fixes a tar regression introduced in libarchive 3.7.5.
xap/geeqie-2.5-x86_64-2.txz: Rebuilt.
-Dgq_helpdir and -Dgq_htmldir should be relative to the prefix (/usr).
Thanks to mickski56.
d/meson-1.5.2-x86_64-1.txz: Upgraded.
l/python-sphinx-8.0.2-x86_64-2.txz: Rebuilt.
Upgraded extension modules: sphinxcontrib_applehelp-2.0,
sphinxcontrib_devhelp-2.0.0, sphinxcontrib_htmlhelp-2.1.0,
sphinxcontrib_qthelp-2.0.0, sphinxcontrib_serializinghtml-2.0.0.
Thanks to USUARIONUEVO.
xap/geeqie-2.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.2.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.2.3esr/releasenotes/
a/dracut-103-x86_64-2.txz: Rebuilt.
Include /etc/dracut.conf.d/elogind.conf to handle uaccess rules correctly.
Thanks to LuckyCyborg.
l/cairo-1.18.2-x86_64-2.txz: Rebuilt.
[PATCH] cff: Don't fail if no local subs.
Fixes printing PDFs with CUPS. Thanks to pee_bee and reddog83.
l/glib2-2.82.1-x86_64-1.txz: Upgraded.
l/pipewire-1.2.4-x86_64-1.txz: Upgraded.
n/NetworkManager-1.48.10-x86_64-2.txz: Rebuilt.
Rebuilt to pick up the new plugin directory for ppp-2.5.1.
n/bind-9.20.2-x86_64-1.txz: Upgraded.
n/openssh-9.9p1-x86_64-1.txz: Upgraded.
Future deprecation notice: OpenSSH plans to remove support for the DSA
signature algorithm in early 2025. For now, this package retains DSA
support, but plan accordingly.
n/ppp-2.5.1-x86_64-1.txz: Upgraded.
n/rp-pppoe-4.0-x86_64-1.txz: Upgraded.
Upstream has removed "ancient crufty scripts," so see HOW-TO-CONNECT in the
documentation if you were using those to connect previously.
a/btrfs-progs-6.11-x86_64-1.txz: Upgraded.
a/dracut-103-x86_64-1.txz: Added.
This is Red Hat's tool to generate an initramfs (aka initrd). Around here,
we try not to suffer from Not Invented Here Syndrome (some might say the
less we invent, the better ;-). It never hurts to have additional options,
and it even looks like our old friend David Cantrell is on the AUTHORS list.
I've had good luck here with:
dracut --hostonly --force /boot/initrd-6.10.11-generic.img
Thanks to Didier Spaier for convincing me to try it out.
a/gawk-5.3.1-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.11-x86_64-1.txz: Upgraded.
a/upower-1.90.6-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.11-x86-1.txz: Upgraded.
k/kernel-source-6.10.11-noarch-1.txz: Upgraded.
l/libtiff-4.7.0-x86_64-1.txz: Upgraded.
n/curl-8.10.1-x86_64-1.txz: Upgraded.
x/mesa-24.2.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240913_6c88d9b-noarch-1.txz: Upgraded.
a/os-prober-1.83-x86_64-2.txz: Rebuilt.
I have seen the reports that os-prober can take an excessive amount of time,
but haven't had it take more than a minute and a half here on my most
populated (and fairly slow) machine. But I've found and applied a patch that
might help... let's see if this speeds things up on affected machines.
d/git-2.46.1-x86_64-1.txz: Upgraded.
d/python-setuptools-75.0.0-x86_64-1.txz: Upgraded.
l/at-spi2-core-2.54.0-x86_64-1.txz: Upgraded.
l/gsettings-desktop-schemas-47-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-3.0.4-x86_64-1.txz: Upgraded.
l/python-pysol_cards-0.18.0-x86_64-1.txz: Upgraded.
l/vte-0.78.0-x86_64-1.txz: Upgraded.
testing/packages/kernel-generic-6.11.0-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.11.0-x86-1.txz: Added.
testing/packages/kernel-source-6.11.0-noarch-1.txz: Added.
a/kernel-firmware-20240912_b9daf8c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.10-x86_64-1.txz: Upgraded.
The kernel modules are now bundled into this package.
a/kernel-huge-6.10.9-x86_64-1.txz: Removed.
So long, we won't miss you.
If you were actually using kernel-huge with one of the SCSI/SAS drivers that
were built in, you'll need to use kernel-generic and an initrd that contains
the needed drivers. Otherwise, just switch to kernel-generic. It'll be fine.
If unsure, make an initrd with geninitrd and have your bootloader use it.
a/kernel-modules-6.10.9-x86_64-1.txz: Removed.
Kernel modules are now bundled with the kernel-generic package.
a/libblockdev-3.2.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.10-x86-1.txz: Upgraded.
k/kernel-source-6.10.10-noarch-1.txz: Upgraded.
l/librsvg-2.58.4-x86_64-1.txz: Upgraded.
l/protobuf-28.1-x86_64-1.txz: Upgraded.
l/pygobject3-3.50.0-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.9.12-x86_64-1.txz: Upgraded.
n/nghttp3-1.5.0-x86_64-2.txz: Rebuilt.
Make sure the cmake files are installed to the correct location.
Thanks to fulalas.
x/ibus-table-1.17.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/efibootmgr-18-x86_64-1.txz: Upgraded.
a/grub-2.12-x86_64-16.txz: Rebuilt.
Long ago, we began giving all the scripts in /etc/grub.d/ the .new treatment
to prevent local customizations from being overwritten with a package
upgrade. But, this no longer appears to be a good idea, especially if we're
ever going to offer the possibility to automate grub-install and grub-update.
So, we are no longer going to preserve the contents of these files when the
grub package is upgraded. We *will* however preserve the existing
permissions, so you'll be able to turn off scripts that you don't want
running, and you'll be able to make new scripts, or make edited and renamed
copies of the scripts shipped in this package, so there's no real loss of
functionality here.
It looks like 40_custom is intended to be locally edited, so we make an
exception and do not overwrite that one.
d/python-setuptools-74.1.2-x86_64-1.txz: Upgraded.
kde/okteta-0.26.17-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.80.1-x86_64-2.txz: Rebuilt.
Fix running against python-setuptools-74.1.2:
[PATCH] giscanner: remove dependency on distutils.msvccompiler.
l/python-importlib_metadata-8.5.0-x86_64-1.txz: Upgraded.
n/curl-8.10.0-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.9-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.9-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.9-x86_64-1.txz: Upgraded.
ap/texinfo-7.1.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.9-x86-1.txz: Upgraded.
d/python3-3.11.10-x86_64-1.txz: Upgraded.
This update fixes security issues:
Bundled libexpat was updated to 2.6.3.
Fix quadratic complexity in parsing "-quoted cookie values with backslashes
by http.cookies.
Fixed various false positives and false negatives in IPv4Address.is_private,
IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
path starting with multiple slashes and no authority.
Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
GNU sparse headers.
email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
2-tuples in more situations where invalid email addresses are encountered
instead of potentially inaccurate values. Add optional strict parameter to
these two functions: use strict=False to get the old behavior, accept
malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
be used to check if the strict paramater is available.
Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
breaking contents using legitimate characters.
Email headers with embedded newlines are now quoted on output. The generator
will now refuse to serialize (write) headers that are unsafely folded or
delimited; see verify_generated_headers.
For more information, see:
https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-28757https://www.cve.org/CVERecord?id=CVE-2024-45490https://www.cve.org/CVERecord?id=CVE-2024-45491https://www.cve.org/CVERecord?id=CVE-2024-45492https://www.cve.org/CVERecord?id=CVE-2024-7592https://www.cve.org/CVERecord?id=CVE-2024-4032https://www.cve.org/CVERecord?id=CVE-2015-2104https://www.cve.org/CVERecord?id=CVE-2024-6232https://www.cve.org/CVERecord?id=CVE-2023-27043https://www.cve.org/CVERecord?id=CVE-2024-8088https://www.cve.org/CVERecord?id=CVE-2024-6923
(* Security fix *)
k/kernel-source-6.10.9-noarch-1.txz: Upgraded.
TEE n -> m
+AMDTEE m
+AMD_PMF m
+AMD_PMF_DEBUG n
Thanks to nick8325 for the suggestion.
l/qt5-5.15.15_20240903_363456a6-x86_64-1.txz: Upgraded.
x/noto-emoji-2.042-noarch-1.txz: Added.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/aom-3.10.0-x86_64-1.txz: Upgraded.
l/libpcap-1.10.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
Clean up sock_initaddress() and its callers to avoid double frees
in some cases.
Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a
path to a directory that cannot be opened.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-7256https://www.cve.org/CVERecord?id=CVE-2024-8006
(* Security fix *)
l/mozilla-nss-3.104-x86_64-1.txz: Upgraded.
n/tcpdump-4.99.5-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.37-noarch-1.txz: Upgraded.
a/aaa_glibc-solibs-2.40-x86_64-5.txz: Rebuilt.
a/kernel-firmware-20240828_335a1de-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.7-x86_64-1.txz: Upgraded.
a/userspace-rcu-0.14.1-x86_64-1.txz: Upgraded.
ap/man-db-2.13.0-x86_64-1.txz: Upgraded.
ap/screen-5.0.0-x86_64-1.txz: Upgraded.
ap/vim-9.1.0702-x86_64-1.txz: Upgraded.
d/cmake-3.30.3-x86_64-1.txz: Upgraded.
d/gcc-14.2.0-x86_64-2.txz: Rebuilt.
Merge in parts of alienBOB's multilib build script, generalize the script
to work with both --enable-multilib and --disable-multilib, and otherwise
clean things up. Go ahead and build it multilib on 64-bit, because why not?
It's worth the bit of bloat to no longer have this package need to be
maintained separately and kept in sync. Thanks to alienBOB.
d/gcc-g++-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gdc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gfortran-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gm2-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gnat-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-go-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-objc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-rust-14.2.0-x86_64-2.txz: Rebuilt.
d/kernel-headers-6.10.7-x86-1.txz: Upgraded.
d/python-setuptools-73.0.1-x86_64-1.txz: Rebuilt.
Reverted due to regression: breaks g-ir-scanner
k/kernel-source-6.10.7-noarch-1.txz: Upgraded.
l/glibc-2.40-x86_64-5.txz: Rebuilt.
Enable multilib on 64-bit. Thanks to alienBOB.
Note that Slackware 64-bit can now run a 32-bit "Hello World!" but there
are no immediate plans to add additional multilib support by default.
Maybe down the road when bare metal 32-bit support goes away.
l/glibc-i18n-2.40-x86_64-5.txz: Rebuilt.
l/glibc-profile-2.40-x86_64-5.txz: Rebuilt.
l/gtk4-4.15.6-x86_64-1.txz: Upgraded.
l/libssh-0.11.1-x86_64-1.txz: Upgraded.
l/protobuf-28.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-certifi-2024.8.30-x86_64-1.txz: Upgraded.
l/qt6-6.7.2_20240610_3f005f1e-x86_64-6.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/ca-certificates-20240830-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/mosh-1.4.0-x86_64-4.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/php-8.3.11-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.11
x/mesa-24.2.1-x86_64-1.txz: Upgraded.
Thanks to lucabon for the rust-bindgen patch.
xap/vim-gvim-9.1.0702-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/vim-9.1.0686-x86_64-1.txz: Upgraded.
Build with --with-python3-stable-abi=no (which was the default until
recently). This fixes segfaults when python3 is used from vim.
Thanks to audriusk.
d/luajit-2.1.1724232689-x86_64-1.txz: Upgraded.
d/parallel-20240822-noarch-1.txz: Upgraded.
l/gst-plugins-bad-free-1.24.7-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.24.7-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.7-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.24.7-x86_64-1.txz: Upgraded.
l/gstreamer-1.24.7-x86_64-1.txz: Upgraded.
l/nodejs-20.17.0-x86_64-1.txz: Upgraded.
l/pipewire-1.2.3-x86_64-1.txz: Upgraded.
n/bind-9.18.29-x86_64-1.txz: Upgraded.
n/nfs-utils-2.7.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.1.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.1.1esr/releasenotes/
xap/vim-gvim-9.1.0686-x86_64-1.txz: Upgraded.
d/python-setuptools-73.0.1-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.70.1-x86_64-1.txz: Upgraded.
n/ModemManager-1.22.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.10-x86_64-1.txz: Upgraded.
n/epic5-2.4-x86_64-1.txz: Upgraded.
n/libqmi-1.34.0-x86_64-2.txz: Rebuilt.
Build against libqrtr-glib with -Dqrtr=true.
n/libqrtr-glib-1.2.2-x86_64-1.txz: Added.
ModemManager-1.22.0 needs libqmi to be linked with this.
x/xorg-server-21.1.13-x86_64-3.txz: Rebuilt.
Patched changing a type from unsigned long to unsigned long long which fixes
the black screen seen on 32-bit with the modesetting driver. Seems fine on
64-bit as well, so the patch is applied for all builds. The patch to default
to modesetting for Intel graphics is restored (and the one for nouveau is kept
as well).
Thanks to Lenard Spencer for reporting that nouveau was also hitting this.
Thanks to Petri Kaukasoina for the patch.
x/xorg-server-xephyr-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-3.txz: Rebuilt.
a/libbytesize-2.11-x86_64-1.txz: Upgraded.
d/python-setuptools-73.0.0-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-8.4.0-x86_64-1.txz: Upgraded.
n/epic5-2.2-x86_64-1.txz: Upgraded.
n/netatalk-3.2.7-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.13-x86_64-2.txz: Rebuilt.
On 32-bit, using the modesetting driver with Intel graphics is resulting in
a black screen (observed here with CoffeeLake-H GT2), so on 32-bit only let's
stop applying the patch that was making xorg-server use modesetting by
default. Thanks to LuckyCyborg and Petri Kaukasoina.
Fix build with gcc-14.2.
x/xorg-server-xephyr-21.1.13-x86_64-2.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-2.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-2.txz: Rebuilt.
xfce/xfce4-screenshooter-1.11.1-x86_64-1.txz: Upgraded.
a/eudev-3.2.14-x86_64-2.txz: Rebuilt.
Add a few more modules to /lib/modprobe.d/watchdog.conf.
a/kmod-33-x86_64-1.txz: Upgraded.
ap/sc-im-0.8.4-x86_64-1.txz: Upgraded.
ap/scdoc-1.11.3-x86_64-1.txz: Added.
This is needed to build kmod-33.
d/luajit-2.1.1723675123-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.70.0-x86_64-1.txz: Upgraded.
l/librsvg-2.58.3-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-2.txz: Rebuilt.
Updated the subprojects and recompiled.
a/aaa_glibc-solibs-2.40-x86_64-4.txz: Rebuilt.
a/sysvinit-scripts-15.1-noarch-21.txz: Rebuilt.
rc.S: fix_errors when mounting a bcachefs filesystem. Thanks to 0XBF.
l/glibc-2.40-x86_64-4.txz: Rebuilt.
On 32-bit, add these compile flags:
-mstackrealign
This is needed for compatibility with old binaries, thanks to iive.
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer
Without these, both nouveau and the nvidia driver are prone to crashes and
hangs. Thanks to UnrelatedMicrowave.
On both 32-bit and 64-bit, add --enable-multi-arch. This will enable
optimized assembly code within glibc, depending on the CPU detected.
Thanks to iive.
With -mstackrealign and --enable-multi-arch on 32-bit, I believe that
-march= could be set to any x86 arch -- it's merely a decoration.
l/glibc-i18n-2.40-x86_64-4.txz: Rebuilt.
l/glibc-profile-2.40-x86_64-4.txz: Rebuilt.
l/gtk4-4.14.5-x86_64-1.txz: Upgraded.
l/python-markdown-3.7-x86_64-1.txz: Upgraded.
x/libglvnd-1.7.0-x86_64-2.txz: Rebuilt.
Use the new compiler flags. On 32-bit, add -mstackrealign just in case.
xfce/xfce4-notifyd-0.9.6-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.5-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.5-x86-1.txz: Upgraded.
d/python-setuptools-72.2.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.10.5-noarch-1.txz: Upgraded.
kde/okteta-0.26.16-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
n/lynx-2.9.2-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.9.5-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.14.0-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-7.0.2.
Thanks to Petri Kaukasoina.
extra/xv/xv-6.0.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
testing/packages/aaa_glibc-solibs-2.40-x86_64-3.txz: Rebuilt.
testing/packages/glibc-2.40-x86_64-3.txz: Rebuilt.
Let's try this again with these options on both sides:
-mstackrealign -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer
testing/packages/glibc-i18n-2.40-x86_64-3.txz: Rebuilt.
testing/packages/glibc-profile-2.40-x86_64-3.txz: Rebuilt.